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Installing  the  best 
security  products  isn't 
enough  to  keep  your  network  safe  if 
unsuspecting  employees  are  the  weak  link  in 
your  security  chain.  Find  out  how  you  can  train 
employees  to  be  effective  human  firewalls. 
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IKE  LOW  COST  MOVE  IS  ON. 


We  make  the  net  work. 


Challenges 
dog  Cisco  as 
company’s 
role  expands 


New  deals 
tie  fees  to 
revenue 


■  BY  PHIL  HOCHMUTH  AND 
JIM  DUFFY 

When  you  get  past  the  public 
images  of  Cisco  —  marketing 
machine,  acqui¬ 
sitions  jugger¬ 
naut,  Wall  Street 
bellwether  — 
there  is  a  tech-  Second  of 

nology  com-  two  parte 

pany.  And  a  pretty  good  one, 
most  users  and  analysts  agree. 

Founded  as  a  maker  of  boxes 
that  connect  computers,  Cisco 
has  expanded  its  scope  into 
almost  every  area  of  corporate 
network  computing,  from  LANs 
and  WANs,  to  security  data  cen¬ 
ters,  storage-area  networks,  tele¬ 
com, voice  and  wireless.And  as  it 
See  Cisco,  page  12 


■  BY  ANN  BEDNARZ 

While  many  virtual  computing 
visions  promise  pay  as  you  go 
utility-like  pricing,  some  compa¬ 
nies  are  already  realizing 
metered  rates  in  outsourcing 
deals  that  tie  service  fees  to  busi¬ 
ness  performance. 

Take  Canada  Life:  The  more  in¬ 
surance  policies  the  company 
sells,  the  more  money  IBM  gets 
for  hosting  its  claims-processing 
application.  Similarly,  e-com¬ 


merce  service  provider  Digital 
Rivers  fees  are  based  on  the 
amount  of  baseball  parapherna¬ 
lia  sold  through  the  Major  League 
Baseball  Web  sites  it  built  and 
maintains. 

There’s  growing  interest  among 
companies  to  broker  outsourcing 
agreements  that  are  based  on 
business  metrics  rather  than  tech¬ 
nology  metrics  such  as  CPU 
cycles  or  storage  consumption, 
observers  say 

See  Contracts,  page  16 


Execs  tout,  question  Wi-Fi 

Industry  leaders  at  Vortex  2003  disagree  about  impact  of  802.11  options. 


■  BY  BOB  BROWN 

DANA  POINT,  CALIF  — Vendors 
might  be  furiously  trying  to  ex¬ 
ploit  Wi-Fi  wireless  LAN  technol¬ 
ogy,  but  the  consensus  at  last 
week’s  Vortex  2003  conference 
was  that  few  have  figured  out  how 
to  make  a  real  business  of  it. 

Intel  CEO  Craig  Barrett,  Verizon 
President  Larry  Babbio,  Jr.  and 
General  Motors  CTO  Tony  Scott 
were  among  the  industry  movers 
pressed  on-stage  for  their 
thoughts  about  Wi-Fi  (also  known 
as  802.1 1). Vortex,  in  its  sixth  year, 


is  a  gathering  of  high-level  net¬ 
work  industry  executives,  in¬ 
vestors  and  entrepreneurs  that  is 
run  by  Network  World’s  IDG 
Executive  Forums  division  and 


moderated  by  Network  World's 
Editorial  Director  John  Gallant. 

Several  speakers  cited  Intel’s 
strong  backing  of  Wi-Fi  — 

See  Vortex,  page  14 


mm 


JWmwsmW.  mots oft.  sotSeivei.  W-naows.  am)  aw  Wine-  * » isjaanwMwr  regrsiered  tfateiw 
' i:»tirafi«,  Ti»  name*  of  actus!  oompanios  Mid  pro* . imioned  Nsrein  may  on  tht  w 


Build  a  200-serve 


Introducing  Microsoft  Windows  Server  2003.  Do  more  with  less 


You’re  being  asked  to  do  more.  You’re  being  asked  to  do  it  with  less.  Microsoft  Windows"  Server  2003  is  designed 
to  help  you  manage  these  opposing  forces  with  powerful  server  consolidation  capabilities  that  increase  efficiency, 
decrease  man-hours,  and  lower  your  total  cost  of  ownership.  Get  your  free  evaluation  copy  of  Windows  Server  2003 
at  microsoft,com/windowsserver2003  by  July  31,  2003.  Software  for  the  Agile  Business. 


Information  Resources,  Inc.  (IRI)  manages  over  122  terabytes  of  data  to  provide  consumer  behavior  insights,  advanced 
analytics,  and  decision  analysis  tools  for  some  of  the  largest  consumer  packaged  goods ,  healthcare,  retail,  and  financial 
companies  in  the  world.  To  meet  increasing  demand  for  faster,  more  granular  business  intelligence  while  reducing  costs, 
IRI  is  using  64-bit  editions  of  Windows  Server  2003  and  SQL  Server™  2000  on  an  Intel  Itanium  2  system  to  deliver  faster 
answers  to  its  customers.  The  result?  IRI  will  be  able  to  process  more  queries,  using  a  fraction  of  the  number  of  servers 
while  realizing  significant  cost  savings  and  improving  customer  service. 
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IRE  V60X 


THE  NEW  SUN  FIRE™  V60X  SERVER: 

>  INTEL  XEON  PROCESSOR 

>  RUNS  SOLARIS™  9  FOR  X86  OR  LINUX  OS 


OW  COST  MOVE  IS  ON 


<um»3  Sun  Microsystems,  Inc.  Ail  rights  reserved.  Sun,  Sun  Microsystems,  the  Sun  logo,  Solaris  and  Sun  Fire  are  trademarks  or  registered  trademarks  of  Sun  Microsystems,  Inc.  in  the  United  States  and  other  countries.  All  other  trademarks  are  property  of  their  respective  owners. 
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News 


■  8  New  Storage  products  spur  rapid  data  recovery. 

■  8  Technological  advances,  vendor  hype  fuel  clustering  adoption. 

■  9  Remedy  and  Peregrine  each  pitching  new  help  desk  software. 

■  10  SuperComm  demos  aim  to  prove  new  technologies  aren't  hype. 

■  10  Lotus  e-mail  module  IS  first  link  to  next-generation  application. 

■  14  Chip  makers  forge  voice  over  IP,  LAN  features. 

■  18  Grid  technology  helps  fight  SARS. 

■  18  Video  multicasting  without  client  management. 


Infrastructure 

■  19  IBM  ups  mainframe 
expectations. 


Net.Worker 

■  29  Broadband  providers  woo 
new  customers. 


Features 


Face-off 

What's  the  best  way  to  fight  spam  —  technology  or  legislation?  Page  57. 

You  are  the  weakest  link 

The  easiest  way  for  hackers  to  damage  your  network  is  through  an  unsuspecting 
employee.  Find  out  how  you  can  train  everyone  to  be  a  human  firewall,  Page  61. 

GM  gears  up  with  Web  services 

General  Motors  is  using  collaborative  software  based  on  Web  services  to  improve 
communication  between  engineers  and  suppliers,  Page  63. 


Tester’s  Choice 

Test  Alliance  member  Joel  Snyder  puts  product  testing  under  the  microscope,  Page  67. 


■  19  3Com  boosts  fiber  switch  to 
secure  networks. 

■  20  Unisys  readies  32-processor 
mainframe. 

■  20  Kevin  Tolly:  No 

Passport,  no  problem. 


Technology  Update 

■  55  802.11i  shores  up  wireless 
security. 

■  55  Steve  Blass:  Ask  Dr. 

Internet. 


SuperComm  2003 

The  show  opens  in  Atlanta  bringing  together  the  industry  at  one  of 
its  most  challenging  times,  Read  our  Planning  Guide  for  highlights, 

Page  65. 


■  22  Special  Focus:  Fixed 
content  storage  grabs  users' 
attention. 

Enterprise 

Applications 

■  23  Apache  earning  its  stripes. 

■  23  Cisco  tightens  security. 

■  25  Scott  Bradner:  Slime 
for  sale. 

Service  Providers 

■  27  FCC  hopes  to  fuel  wireless 
competition  through  revised  rules. 

■  27  New  Alcatel  DSLAM 
quadruples  user  support. 

■  28  Johna  Till  Johnson: 

Why  net  execs  are  best-positioned 
to  be  the  industry's  future  leaders. 


■  56  Mark  Gibbs:  Python 
reappears,  with  100%  pure  Java. 

■  56  Keith  Shaw:  High  marks 
for  sketch  tool,  pop-up  applications. 

Opinions 

■  58  Editorial:  CEO  to  you: 
Why  is  that  server  exposed? 

■  59  Robin  Vasan: 

Leveraging  security  offerings. 

■  59  Daniel  Briere:  The  truth 
will  set  us  free. 

■  82  BackSpin:  Technology 
solutions  and  problems. 

■  82  'Net  Buzz:  Total  Informa¬ 
tion  Awareness  stinks. 

Management 

Strategies 


NetvvDikVVoildliision 

www.nwfusion.com 


Interactive 

Vortex  report 

Check  out  News  Editor  Bob  Brown's  Weblog  on  the  hot  happenings  and 
inside  dirt  from  this  conference  of  networking's  top  movers  and  shakers. 

DocFinder:  6045 

SuperComm  show  planner 

Going  to  Atlanta?  Get  the  lowdown  on  the  hot  keynotes,  tutorials  and 
events  you  don't  want  to  miss  at  next  week's  SuperComm  show.  Read 
the  unabridged  version  online  or  download  it  to  your  PDA  for  on-the- 
go  access.  DocFinder:  6029 

Seminars  and  Events 


■  68  Learn  how  to  be  a  leader  in 
strategic  IT  purchases. 


Security 

for  today’s  workforce 

Today's  workforce  is  on  the  go  and  in  the 
know.  Our  special  Security  supplement  cov¬ 
ers  the  latest  technologies  and  techniques 
for  giving  these  mobile,  tech-savvy  work¬ 
ers  network  access  while  maintaining  stringent  security.  Special 
coverage  begins  after  page  30.  Inside,  you'll  find: 

Gaining  perspective  on  digital  identities.  S10 


Securing  all  clients.  SI  6 


The  wireless  security  balancing  act  SI  8 


Don't  be  overwhelmed  by  storage  demands 

Join  storage  expert  Steve  Duplessie  and  leading  industry  vendors  for 
Network  World's  Storage  Technology  Tour,  "Shoring  Up  Your  Enterprise 
Strategy."  In  just  one  day,  create  a  storage  strategy  that  includes 
selecting  the  right  hardware  and  software,  planning  your  rollout  and 
managing/monitoring  your  storage  network.  Reserve  your  seat  today. 
DocFinder:  4937 


■  CONTACT  US  NetworkWorid,  118Tumpike  Road,  Southborough, 
MA  01772;  Phone:  (508)  460-3333;  Fax:  (508)  490-6438; 

E-mail:  nwnews@nww.com;  STAFF:  See  the  masthead  on  page  18 
for  more  contact  information.  REPRINTS:  (717)  399-1900 

SUBSCRIPTIONS/CHANGE  OF  ADDRESS:  Phone:  (508)  490-6444; 
Fax:  (508)  490-6400;  E-mail:  nwcirc@nww.com; 

URL:  www.subscribenw.com 


Columnists 

Compendium 

A  new  Outlook  spam  fighter 

Fusion  Executive  Editor  Adam  Gaffin  says  SpamBayes  has  been 
getting  good  reviews  for  its  performance,  plus  it’s  free. 

DocFinder:  6046 

Telework  Beat 

Gluing  it  all  together 

Net.Worker  Managing  Editor  Toni  Kistner  wonders  whether 
there's  room  in  home  networking  for  all  these  standards. 

DocFinder:  6047 

Small  Business  Tech 

Five  steps  to  improve  wireless  security 

Columnist  James  Gaskin  says  if  you  think  your  wireless  LAN 

security  is  good,  think  again.  DocFinder:  6048 

Digital  Domicile 

Hatching  the  home  server 

Whether  it’s  a  PC  or  a  set-top  box,  Columnist  Mike  Wolf 
says  home  servers  are  on  the  way. 

DocFinder  6049 


What  is  DocFinder? 

We’ve  made  it  easy  to  access  articles  and 
resources  online.  Simply  enter  the  four-digit 
DocFinder  number  in  the  search  box  on  the 
home  page,  and  you’ll  jump  directly  to  the 
requested  information. 
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Bringing  the  job  home,  ftny- 

four  percent  of  online  households  in  the  U.S. 
will  have  home  networks  deployed  within  five 
years,  according  to  a  report  from  Forrester 
Research.  Only  12%  have  them  today. 

‘Wireless  AT.  No.  we're  not  talking  about 
artificial  intelligence.  AT&T  Wireless  was  boasting 
about  giving  customers  "the  ability  to  use  a  short  code 
to  vote  for  their  favorite  performers"  on  TV’s  "American 
Idol."  The  stats:  2.7  million  votes  and  6  million  related  messages:  and 
that  was  before  the  finale. . . .  Impressive,  but  not  exactly  a  killer  app> 

Surgeon  General  Conway.  PeopieSoft  geo  Graig  Conway  last 

week  likened  Microsoft's  .Net  initiative  to  a  carcinogen:  asbestos.  ".Net  is  a  home 
formula  to  make  your  own  asbestos,"  he  told  a  gathering  of  customers  in 
Australia.  It  might  come  as  no  surprise  that  PeopieSoft  is  porting  all  of  its 
applications  to  Linux. 


BRIAN  GAIDRY 


News 


House  panel  OKs  'Net  tax  ban 

■  A  U.S.  House  subcommittee  has  approved  a  bill  that  would  per¬ 
manently  extend  a  moratorium  on  some  Internet  taxes,  including 
Internet  access  taxes,  despite  Democrats’  concerns  over  the  effect 
on  mom-and-pop  businesses  and  whether  the  bill  ensures  a  tax 
ban  on  DSL  access.  The  Internet  Tax  Nondiscrimination  Act  pro¬ 
hibits  the  7,500-plus  taxing  jurisdictions  in  the  U.S.  from  creating 
taxes  unique  to  the  Internet,  including  bit  taxes,  which  tax  Internet 
information  as  it  moves  across  servers  in  many  taxing  jurisdic¬ 
tions.  A  current  moratorium  on  such  taxes,  first  passed  in  1998, 
expires  Nov.  1,  and  the  U.S.  House  Judiciary  Committees  Sub¬ 
committee  on  Commercial  and  Administrative  Law  voted  to  send 
the  bill  on  to  the  full  committee  with  a  recommendation  of  pas¬ 
sage.  Subcommittee  Chairman  Chris  Cannon  (R-Utah)  pushed  for 
the  bill  by  saying  an  Internet  access  tax  would  hurt  ISPs  and  hin¬ 
der  the  growth  of  e-commerce,  which  makes  up  about  1% 
of  U.S.  retail  sales,  during  a  time  when  the  Internet  sector 
is  struggling. 

Nextel,  IBM  team  up  on  VPNs 

■  Nextel  last  week  announced  a  mobile  VPN  service  for  companies  that  want  to  set  up 
secure  wireless  connections.  Nextel  is  teaming  with  IBM  to  offer  VPN  support  with  IBM’s 
WebSphere  Everyplace  Connection  Manager  software.  Nextel  users  that  want  to  make 
their  corporate  networks  available  to  wireless  users  can  deploy  the  WebSphere  software 
to  interface  with  Nextel’s  1DEN  wireless  network.  Users  can  connect  to  their  corporate 
network  via  Nextel’s  backbone  with  a  wireless  modem  or  a  handheld  device  that  acts 
like  a  modem  and  is  connected  to  a  laptop.  Nextel’s  Wireless  Business  Solutions  works 
with  40  software  and  equipment  providers,  but  IBM  is  the  wireless  carrier’s  first  VPN 
software  partner. 

Wireless  exec  urges  revenue  focus 

N  The  challenge  facing  companies  in  the  wireless  technology  industry  is  to  stop  talk¬ 
ing  about  whiz-bang  futures  and  start  generating  cash,  AT&T  Wireless  CEO  John  Zeglis 
said  last  week  during  an  opening  keynote  presentation  at  the  Global  Wireless  Summit 
conference  in  New  York.  His  own  company  has  struggled  with  profitability  since  spin¬ 
ning  off  from  AT&T  in  2001:  AT&T  Wireless  posted  a  $2.3  billion  loss  in  its  most  recent 

COMPENDIUM 

Good  lords! 

T>o  British  House  of  Lords  recently  debated  what  to  do  about  spam.  Some  members 
^tused  aloud  how  spam  got  its  name,  which  led  to  a  parliamentary  discussion  of 
V  nty  Python.  Then  Lady  Saltoun  of  Abernethy  rose  to  complain  about  junk  faxes:  “I 
no  not  know  whether  they  could  be  called  corned  beef  or  something,  but  I  have  had 

enough  of  them.” 

Read  the  whole  debate  at  www.nwfusion.com,  DocFinder:  6053. 


fiscal  year.’Today’s  wireless  capabilities  already  surpass  most  peoples’ wireless  reality” 
he  said. “The  main  thing  all  of  us  in  the  wireless  industry  have  to  demonstrate  now  is 
an  ability  to  execute  to  create  real  value.”  AT&T  Wireless  sees  landlines  as  its  main 
competition.  Zeglis’  goal  is  to  drive  per-minute  wireless  costs  down  low  enough  to 
undercut  the  prices  of  fixed-line  access,  which  he  expects  to  help  in  persuading  cus¬ 
tomers  to  adopt  wireless  service  as  their  primary  phone-communications  method. 

Database  market  dips;  IBM  takes  lead 

■  Worldwide  revenue  from  new  licenses  of  relational  database  management  systems 
fell  6.9%  last  year,  to  $6.6  billion,  Gartner  said  last  week.  Despite  flat  revenue,  IBM  over¬ 
took  Oracle  as  market  leader  with  revenue  of  $2.4  billion.  It  now  holds  a  36.2%  market 
share,  Gartner  said.  Strong  growth  on  IBM’s  DB2  for  the  zSeries  compensated  for  a  dou¬ 
ble-digit  decline  on  DB2  for  the  iSeries.  Oracles  2002  revenue  from  its  relational  data¬ 
base  management  system  was  $2.2  billion,  down  20.5%  from  2001,  and  its  market  share 
slipped  to  33.9%.  It  did,  however,  remain  the  market  leader  in  the  relational  DBMS  mar¬ 
ket  on  distributed  systems  (Unix  and  Windows  servers),  with  40%  of  the  market  com¬ 
pared  with  IBM’s  24%,  Gartner  said. 

Changes  to  Java  standards  process  eyed 

■  Several  major  backers  of  Java  have  proposed  changes  to  the  Java  Community 
Process,  the  Java  standards  body,  in  a  move  designed  to  speed  the  development  of 
Java  standards  and  increase  the  transparency  of  the  process.  The  proposal  calls  for 
opening  future  Java  standards  to  public  scrutiny  earlier  in  the  development  process, 
and  pushing  back  a  vote  on  proposed  standards  until  after  a  second  review  period, 
Onno  Kluyt,  director  of  the  JCP  Program  Management  Office  at  Sun,  said  last  week.  A 
Java  Specification  Request  goes  through  several  review  phases  and  has  to  be 
approved  by  the  JCP  executive  committee  at  various  stages  in  the  process.  Currently, 
the  first  review  is  carried  out  by  JCP  members  and  is  followed  by  a  vote  by  the  exec¬ 
utive  committee.  Under  the  proposed  new  system  the  first  review  will  be  open  to  the 
public,  and  the  vote  will  be  pushed  back  until  after  a  second  review  period,  which 
also  is  open  to  the  public. 

Web  services  mean  more  hardware 

■  As  organizations  move  to  adopt  Web  services,  IT  managers  will  end  up  spending 
more  money  on  hardware  than  on  software,  an  1DC  analyst  said  last  week.  Speaking  at 
lDC’s  Enterprise  ServerVision  conference  in  San  Jose.analyst  Vernon  Turner  predicted 
that  the  move  to  Web  services  would  create  a  $4.3  billion  hardware  market  by  2007. 
Software  spending  will  reach  $3.4  billion,  he  predicted,  while  spending  on  services 
will  account  for  $7.5  billion,  nearly  half  of  the  $15.2  billion  IDC  expects  to  be  spent  on 
Web  services  four  years  from  now.  IDC  estimates  that  total  spending  on  Web  services 
will  approach  $3  billion  this  year. The  IDC  analysts  had  expected  to  find  that  Web  ser¬ 
vices  would  typically  be  deployed  on  existing  hardware.Turner  said,  and  that  the  Web 
services  hardware  market  would  not  be  significant.  “In  fact,  the  data  has  shown  the 
exact  opposite,"  he  observed. “We  were  actually  surprised  when  we  saw  the  hardware 
numbers." 
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SMARTER  DATA  SECURITY  DOES  WHAT  SOFTWARE  ALONE  CAN'T:  Wherever  viruses  attack,  Trend  Micro 
is  near  at  hand  with  a  global  force  of  content  security  experts  backed  by  the  only  integrated  approach  to 
address  the  entire  attack  lifecycle.  Only  Trend  Micro's  award-winning  Enterprise  Protection  Strategy  provides 
attack-specific  products  including  everything  from  Outbreak  Prevention  policies  to  Damage  Cleanup 
templates — all  delivered  while  the  attack  develops  so  you  can  better  manage  the  threat  and  minimize  costs. 
To  find  out  how  Trend  Micro's  best-of-breed  products  and  services  backed  by  the  vigilance  of  TrendLabs 
engineers  can  help  you  manage  every  stage  of  a  virus  outbreak,  visit  www.trendmicro.com/products/eps. 
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Storage  start-ups  spur  rapid  recovery 


■  BY  DENI  CONNOR 

Storage  start-ups  Revivio  and 
TimeSpring  are  readying  software 
that  lets  users  recover  lost  or  cor¬ 
rupted  data  in  minutes  instead  of 
hours  or  days. 

When  the  products  are  intro¬ 
duced  later  this  year,  they’ll  join  a 
growing  market  segment  that  em¬ 
phasizes  instant  recovery  of  data 
and  continuous  protection,  rather 
than  data  backup.  Recently,  two 
other  start-ups, Vyant  Technologies 
and  FilesX,  and  established  stor¬ 
age  vendor  Storagetek,  launched 
products  in  this  area. 

“The  devil’s  in  the  recovery 
when  it  comes  to  backup, ’’says  Bill 
Saba,  director  of  IS  for  long-dis¬ 
tance  provider  Startec  Global 
Communications,  who  uses  Vy- 
ant’s  recently  introduced  Real- 
Time  software.  RealTime  works 
on  Solaris  and  AIX  pla  forms. 

“Backup  is  a  no-brainer.  Recov¬ 
ering  from  a  failure  is  a  problem¬ 
atic  step  depending  on  what 
you’ve  encountered," Saba  says. 

These  software  packages  are 
much  different  than  traditional 
backup  and  recovery  replication 
and  snapshot  tools,  which  are  lim¬ 
ited  by  the  frequency  with  which 


a  customer  uses  them  to  back  up 
the  network  and  by  how  quickly 
they  can  restore  corrupted  data. 

In  the  systems  from  these  five 
companies,  all  changes  are 
recorded  as  they  are  written  to 
disk  and  the  time  of  the  /-~ 
change  noted.  If  a  failure  oc¬ 
curs,  data  can  be  retrieved 
from  the  closest  minute, 
rather  than  from  when  the 
last  scheduled  full  or  incremen¬ 
tal  backup  occurred. 

“Anyone  who  is  backing  up  to 
tape  is  looking  at  a  lengthy  recov¬ 
ery  process,”  says  Bob  Passmore, 
research  director  at  Gartner.  “The 
time  to  mount  a  tape,  search  and 
find  the  right  data, stream  the  data 
back  in,  [and]  reboot  the  applica¬ 
tion  is  a  process  that  can  take 
from  a  few  minutes  to  a  couple  of 
days.  For  applications  that  are  up 
on  the  Internet  being  used  24 
hours  a  day  the  recovery  require¬ 
ments  are  more  in  seconds,  not  in 
minutes  or  hours  a  da/ 

When  Startec  initially  migrated 
its  business  systems  to  an  Oracle 
database,  it  had  a  problem  that 
corrupted  the  control  file  and 
took  two  days  to  fix.The  company 
installed  RealTime. 

“RealTime  has  a  time-slide 


A  variety  of  start-ups  are  working  on  software  that  lets 
users  instantly  recover  lost  or  corrupted  data.  Here’s 
how  two  of  them  work. 


When  the  user  realizes  that  data  has  been  lost  or 
corrupted  by  a  virus  or  failure,  they  can  retrieve  it 
based  on  a  time  before  corruption  actually  occurred. 


When  a  Revivio  or  TimeSpring  server  is  placed  in  the  networtc 
the  software  saves  data  as  it  is  changed  and  generates  a 
journal  that  tracks  the  data  and  the  time  it  was  backed  up. 


SAN-attached  storage 


Data  is  normally  backed  up 
to  a  tape  library  once  a  day 
or  hourly  with  snapshot 
backup  or  traditional 
backup  and  recovery  tools. 


mechanism  where  you  can  go 
back  and  recover  data  from  any 
point  in  time,”  Saba  says.  “When 
we  lost  an  AIX  file  system,  we 
knew  exactly  when  it  happened 
and  recovered  data  in  15  min¬ 


utes.  All  you  have  to  determine  is 
when  the  damage  occurred  and 
go  back  to  just  before  it, and  bring 
back  data  from  that  point.” 

Revivio’s  software,  called  Back- 
trac,  is  appliance-based  —  the 


Clustering  advances  fuel  adoption 


■  BY  JENNIFER  MEARS 

Precision  Response,  which  provides  cus¬ 
tomer-care  services  for  large  companies,  col¬ 
lects  and  manages  information  on  millions  of 
its  clients’  customers.  The  company  has  used 
Sun’s  high-end  Enterprise  10000  servers  to 
handle  the  mountains  of  data,  but  by  July 
those  big  boxes  will  be  taken  out. 

In  their  place,  Precision  is  stringing  together 
four,  four-processor  Dell  PowerEdge  6650 
servers  running  Oracle’s  9i  database  software 
with  Real  Application  Clusters  (RAC). 

It's  a  move  that  systems  vendors  are  expect¬ 
ing  to  see  more  corporate  customers  make. 
Clusters  are  nothing  new,  but  in  the  past 
they've  typically  consisted  of  hundreds  — 
sometimes  thousands  —  of  nodes  linked 
together  for  heavy-duty  number  crunching  in 
research  labs.  Today,  however,  vendors  are 
offering  Intel-based  servers  running  Linux  that 
are  optimized  for  cluster-aware  software  such 
as  databases  in  data  centers. 

With  processing  power  increasing,  server 
prio  ,-s  going  down,  and  vendors  enhancing 
the  way  users  manage  and  allocate  system 
resource  s,  the  idea  of  using  groups  of  servers, 
rather  than  one  big  server  becomes  increas¬ 
ingly  attract,  e  experts  say. 

“Once  you  get  to  the  point  that  you  can  make 


moving  applications  around  and  resizing  sys¬ 
tem  resources  as  easy  on  multiple  systems  as  it 
is  on  big  systems,  the  reason  to  consolidate  on 
that  big  system  pretty  much  goes  awa/  says 
Gordon  Haff.an  analyst  at  Illuminata. 

For  Precision,  it  meant  the  company  could 
get  more  out  of  its  infrastructure  and  it 
expects  to  save  an  estimated  $18,000  per 
month  in  maintenance  costs,  says  Bill  Hicks, 
senior  vice  president  of  technology  and  CIO 
at  the  Miami  company 
While  the  Sun  Enterprise  10000  costs  hun¬ 
dreds  of  thousands  of  dollars,  Dell’s  Fbwer- 
Edge  6650  boxes  start  around  $10,000. 

“The  model  in  previous  years  was  every  time 
a  new  [customer]  came  in  we  had  to  buy  a 
new  box,  which  obviously  gets  expensive.  I’d 
have  10,  20,  40%  capacity  available  on  my 
boxes,  but  I  couldn’t  take  advantage  of  it 
because  they  were  all  individual  units,”  he 
says.  “The  thing  we  saw  in  clustering  was  the 
ability  to  add  on  additional  units  as  we  grow” 
The  failover  features  of  clustering  also  pro¬ 
vides  increased  reliability  and  lets  Hicks’  staff 
do  maintenance  work  immediately 
“In  the  past,  we  had  to  do  most  of  our  main¬ 
tenance  on  Sunday  night  at  three  in  the  morn¬ 
ing  because  we  impact  the  client  environ¬ 
ment,"  he  says  “Now  we  can  do  it  when  the  sun 
is  out.” 


While  there  is  a  trend  toward  clustering  stan¬ 
dard  Intel  servers,  analysts  say  it’s  still  early  and 
management  issues  are  still  being  ironed  out. 
Another  issue  is  the  ability  of  software  to  run 
across  multiple  servers.  Oracle  CEO  Larry 
Ellison  has  long  pushed  the  idea  of  saving 
money  by  running  his  company’s  database 
software  on  distributed  boxes.  In  April,  Ellison 
shared  a  stage  with  Dell  CEO  Michael  Dell  to 
tout  their  expanded  partnership  to  sell  clus¬ 
tered  server  systems.  Earlier  this  month,  Ellison 
made  the  same  pitch  with  Sun  CEO  Scott 
McNealy 

HP  meanwhile,  has  offered  Unix-based  clus¬ 
tering  based  on  Compaq’s  Tru64  technology  It 
also  offers  clustering  capabilities  for  its  stan¬ 
dard  ProLiant  servers. 

IBM  sells  xSeries  clusters  designed  to  run 
Oracle  9i  RAC,  Lotus  Domino  and  DB2.  Last 
week,  Big  Blue  announced  prepackaged  Linux 
blade  clusters,  which  use  its  cluster  technology 

“They’ve  essentially  commoditized  high-per¬ 
formance  computing,”  says  Charles  King, 
research  director  at  the  Sageza  Group.  “It’s  a 
really  small  footprint,  it’s  really  powerful . . . and 
all  the  customer  has  to  do  is  uncrate  the  thing, 
plug  it  in  and  they’re  ready  to  roll.” 

The  Cluster  1350  with  IBM  eServer  Blade 
Center  will  be  available  June  6.  Pricing  was 
not  released.® 


software  installs  on  an  off-the 
shelf  server,  which  sits  between 
the  Fibre  Channel  devices  and 
the  tape  library  The  software  cap¬ 
tures  data  continuously  without 
taking  down  the  database  or 

- _  network  and  time- 

stamps  each  disk 
write  to  the  back-up 
device. 

TimeSpring’s  prod¬ 
uct,  TimeSpring  Protector,  will  be 
formally  launched  late  this  year. 
Like  Backtrac,  TimeSpring  Pro¬ 
tector  is  installed  on  a  server, 
called  the  Continuous  Protection 
Server,  which  sits  between  net¬ 
work  and  the  backup  device. 
Agents  are  installed  on  protected 
servers.  When  data  changes,  it  is 
continually  stored  to  the  Con¬ 
tinuous  Protection  Server,  from 
which  it  can  be  retrieved  based 
on  the  corruption  time.  It  works 
with  direct-attached,  network- 
attached  and  Fibre  Channel  stor¬ 
age  and  with  Windows  networks. 

Initially,  analysts  say  these  pro¬ 
tection  products  won’t  replace 
traditional  back-up  and  recovery 
software  from  vendors  such  as 
Legato  and  Veritas. 

“Sometimes  they  will  replace, 
sometimes  they  will  comple¬ 
ment,”  Passmore  says.“Larger  stor¬ 
age  companies  are  not  com¬ 
pletely  unaware  of  the  approach¬ 
es  these  start-ups  are  trying  to 
bring  to  market.  I  would  predict 
that  most,  if  not  all,  of  the  large 
players  will  have  competing  prod¬ 
ucts  in  one  form  or  another^ 
Revivio  expects  Backtrac  will 
start  at  about  $50,000;  Protector 
will  be  priced  per  protected  ser¬ 
ver  starting  at  $4,000.  ■ 


I  THIS  WEEK'S  QUESTION: 

In  whichTexas  city 
can  you  find  the  SBC 
Center,  a  sports  and 
entertainment  arena 
named  after  the  Bell 
company? 


Answer  the  and  me  addtmal  questions 
onine  and  you  could  win  $500!  Visit 
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Remedy,  Peregrine  release  help  desk  software 


■  BY  DENISE  DUBIE 

Help  desk  vendors  Remedy  and  Pere¬ 
grine  this  week  will  separately  introduce 
products  designed  to  better  align  business 
processes  with  IT  assets  and  service  man¬ 
agement,  which  users  say  helps  to  resolve 
more  support  calls  in  less  time. 

Remedy,  in  its  first  announcement  since 
being  sold  last  fall  by  Peregrine  to  BMC 
Software,  will  announce  its  IT  Service 
Management  suite,  or  ITSM  5.5.  The  suite 
automates  help  desk  functions  such  as 
trouble  ticketing,  manages  assets  and 
changes  across  desktops,  and  lets  network 
managers  track  service-level  agreements 
against  IT  performance.  The  software  also 
includes  new  workflow  features  that  cus¬ 
tomers  can  customize  with  information 
about  their  internal  processes  and  assets. 

The  customization  appeals  to  Linda  Hill, 
a  database  administrator  at  Sharpe  Health¬ 
care  in  San  Diego.  She  says  inputting  her 
knowledge  of  how  to  handle  trouble  tick¬ 
ets  from  about  16,000  client  and  Web  users 
into  the  software  lets  junior  staff  members 
take  actions  without  lengthy  training. 

“The  juniors  can  do  the  day-to-day  job 
that  I  used  to  be  needed  to  do,  because  the 
Remedy  application  rarely  goes  down  and 
they  have  no  problem  understanding  what 
to  do  when  using  it,"  Hill  says. 

ITSM  5.5  runs  on  Windows  and  Unix 
servers  and  can  be  accessed  from  Win¬ 
dows  desktops  and  Web  browsers.  The 
server  software  communicates  with  man¬ 
aged  devices  in  their  native  protocols  and 
creates  trouble  tickets  and  alerts  when  pre¬ 
defined  thresholds  and/or  rules  have  been 
missed.  The  software  integrates  with  sys¬ 
tems  management  software  such  as  BMC’s 
Patrol.  ITSM  5.5  applications  cost  $1,500  to 
$35,000,  depending  on  configuration  and 
licenses  purchased. 

Peregrine  will  unveil  ServiceCenter  5.1, 
which  includes  support  for  the  Information 
Technology  Infrastructure  Library  (ITIL),  a 
set  of  best  practices  for  managing  IT.  The 
software,  which  competes  directly  with 
Remedy’s  offering,  includes  best  practices 
for  consolidating  call  centers,  features  to 
create  views  and  dependencies  among 
assets,  and  upgrades  to  enable  easier 
administration. 

Paul  Hopkins,  IT  manager  of  client  rela¬ 
tions  for  Carlson  Hospital  Worldwide  in 
Omaha,  Neb.,  says  ServiceCenter  5.1  also 
lets  junior  staff  members  take  on  more 
work  with  senior  skill  levels.  He  says  the 
change  management  component  in  the 
suite  will  show  staff  members  how 
changes  they  make  directly  affect  service 
to  the  750  hotel  properties  they  support. 

“We  have  cut  15  minutes  per  call  off  of 
incident  calls,  and  we  probably  have  more 
than  20  of  those  per  dayf  Hopkins  says. 

ServiceCenter  5.1  runs  on  a  Windows  or 
NT  server  and  can  communicate  with 
applications  using  Java  or  native  protocols. 
The  software  also  includes  a  console  fea¬ 
ture  that  lets  network  managers  view 


reports  and  administer  tasks  from  one  cen¬ 
tral  location.  It  costs  between  $15,000  and 
$30,000,  depending  on  licensing. 

With  both  companies  offering  similar  fea¬ 


tures,  customers  will  have  to  determine 
what  kind  of  software  works  best  in  their 
network,  says  John  Ragsdale,  a  research 
director  at  Forrester.  For  example,  Remedy 


wins  high  marks  for  its  ability  to  tailor  the 
software  to  a  specific  environment.  And 
Peregrine  works  more  with  industry-recog¬ 
nized  standards.  ■ 


The  names  of  actual  companies  and  logos  mentioned  herein  may  be  trademarks  of  their  respective  owners. 


It's  All  About  Connections 
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Communuotions,  Ini. 


JetBlue  connects  people  to  their  destinations. 
MRV  keeps  JetBlue  connected  to  its  networks. 

With  the  newest  Airbus  fleet  in  the  industry  and  a  number  of  first  and  onlys,  including  leather 
seats  and  DIRECTV™  programming,  it's  no  wonder  JetBlue  Airways  has  taken  off  so  quickly 
ahead  of  the  major  airlines..  ♦  When  they  needed  to  connect  their  LAN  to  a  new  building 
without  any  access  to  fiber,  JetBlue  made  another  leap  and  deployed  Free  Space  Optics 
connectivity  from  MRV.  ♦  World-class  companies  like  JetBlue  keep  their  networks  flying  by 
choosing  MRV  for  unlimited  connectivity  options.  Since  1988,  we  have  provided  connectivity 
solutions  for  networks  that  scale  in  size,  speed,  distance  and  complexity.  In  fact,  some  of  the 
world's  largest  networks  rely  on  our  switches,  routers,  optical  transport  systems  and  remote 
presence  equipment.  Our  connectivity  solutions  are  preferred  by  Fortune  500  companies. 

■  — . -  _  ■  .  .  .  .  . .  .  .  ..  U  ;  .  V  'sV 

Turn  to  us  for  your  Connectivity  Unlimited™  needs 


mrv.com/jetblue 


4 


10 

[  NetworkWorld 1  5/26/03 

News 

www.nwfusion.com 

Carrier  show  to  demo  MPLS,  more 


■  BY  TIM  GREENE 

When  SuperComm  2003  con¬ 
venes  next  week  in  Atlanta  ven¬ 
dors  will  make  a  big  push  to 
prove  that  highly  touted  yet 
emerging  communications  tech¬ 
nologies  really  do  work. 

Dubbed  SuperDemos  and  hud¬ 
dled  together  on  the  show  floor, 
these  demonstrations  will  draw 
together  a  mix  of  cooperating 
vendors  to  show  that  despite  the 
lack  of  standards  in  some  cases, 
these  network  innovations  are 
more  than  concepts.  Interoper¬ 
ability  among  vendors’  gear  will 
be  highlighted  in  some  of  the 
demos  —  such  as  those  of  Multi¬ 
protocol  Label  Switching  (MPLS) 
and  resilient  packet  ring —  while 


others  will  demonstrate  technolo¬ 
gies  such  as  optical  interworking. 
SuperComm  is  the  premiere 
show  in  the  U.S.  for  carriers.  (For 
more  on  SuperComm  see  our 
Planning  Guide  on  page  65.) 


The  MPLS/Frame  Relay  Alliance 
is  scheduled  to  demonstrate  that 
multiple  protocols,  including 
frame  relay  ATM  and  Ethernet, 
can  be  carried  over  a  multiven¬ 
dor  MPLS  core  network.  It  might 
show  off  Ethernet  virtual  private 
LAN  services  supported  by  multi¬ 
ple  vendors’  gear. 

Ethernet  as  a  carrier  service  is 
getting  double  attention,  being 


featured  by  the  Ethernet  in  the 
First  Mile  Association  (EFMA)  and 
the  Metro  Ethernet  Forum  (MEF). 

More  than  a  dozen  vendors 
associated  with  MEF  are  claiming 
the  first  public  demonstration  of 
metropolitan  Ethernet  service  in¬ 
teroperability  between  what  cus¬ 
tomers  perceive  as  point-to-point 
circuits  and  meshed  networks. 
This  is  a  combination  of  two  ser¬ 
vices  MEF  calls  point-to-point 
Ethernet  virtual  circuits,  or  E-Line, 
and  multipoint-to-multipoint 
Ethernet  virtual  circuits  called  E- 
LAN. 

Streaming  video,  voice  over  IP 
and  instant  messaging  are  among 
the  applications  that  will  ride  the 
10M  and  20M  bit/sec  virtual  cir¬ 
cuits.  Twenty-two  vendors  are 


scheduled  to  demonstrate  inter¬ 
operability  among  their  gear  for 
creating  a  combination  of  E-Line 
and  E-LAN  connections. 

EFMA  says  it  will  proclaim  how 
Ethernet  can  be  used  for  broad¬ 
band  access  in  service  provider 
networks  using  copper  and  fiber 
lines.  The  technology  is  being 
worked  on  by  an  IEEE  task  force. 
Participants  in  the  group  include 
Cisco,  Extreme  Networks,  Hatteras 
Networks  and  Intel.  But  because 
there  is  no  standard  yet,  vendors 
won’t  try  to  demonstrate  interop¬ 
erability  with  the  technology 

Some  vendors  are  scheduled  to 
announce  products  that  con¬ 
tribute  to  the  technologies  in  the 
SuperDemo  areas. Transition  Net¬ 
works,  for  example,  is  set  to  intro- 


Lotus  intros  e-mail  for  WebSphere 


Entry-level  mail 

A  number  of  vendors  develop  low-cost  e-mail  products  for  corporations.  Pricing  is  based 
on  variations  in  feature  sets,  protocol  support  and  configuration. 


Company/Product 

Sampling  of  features 

Price  per  user, 
per  month 

IBM/Lotus: 

Workplace  Messaging 

Ships  with  limited  version  ofWebSphere, 
DB2. 

$1  (1,000  users) 

SendMail: 

Workforce  Mail 

Hardware,  software,  content  management, 
policy  administration. 

$1  to  $2  (10,000  users) 

Rockliffe: 

Mailsite  LE 

Mailsite  SP 

Virus  scanning  and  antispam  engine. 

LE:  $1.99  (1,000  users) 
SP:  $2  (5,000  users) 

Gordano: 

Messaging  Suite 

Client-side  antispam  and  shared  calendars. 

62  cents  (1,000  users) 

Mirapoint: 

Message  Server  M400 

Hardware,  software  and  storage  bundle. 

$2.50  (1,000  users) 

Stalker: 

CommuniGate  Pro  Enterprise 

Antivirus  and  antispam  tools;  clustering. 

$1.99  (1,000  users) 

IPSwitch: 

1  Mail  Professional 

Antivirus  and  antispam;  free  e-mail 
support. 

$1.50  (1,000  users) 

■  BY  JOHN  FONTANA 

lBM/Lotus  last  week  took  the 
first  step  toward  converting  its 
Domino  platform  into  a  set  of 
components  that  runs  on  Web¬ 
Sphere,  and  signaled  to  customers 
that  construction  of  its  next-gener¬ 
ation  messaging  and  collabora¬ 
tion  platform  has  begun. 

lBM/Lotus  promoted  its  new 
Workplace  Messaging  as  a  low- 
cost,  entry-level  e-mail  engine  for 
providing  messaging  to  so-called 
deskless  workers.  But  more  impor¬ 
tantly  the  software  also  marks  the 
beginning  of  the  company’s  plan 
to  migrate  its  messaging  platform 
to  IBM  middleware. 

Workplace  Messaging  might  find 
takers  who  have  deployed  Web¬ 
Sphere  and  DB2  databases,  but 
those  without  that  infrastructure 
say  the  low  cost  of  Workplace 
Messaging  won’t  sway  them  to 
cannibalize  Domino  seats. 

“To  add  [Workplace  Messaging]  we  would 
have  to  have  two  directories,  coordinate  the 
system  with  Domino  and  deploy  technology 
in  WebSphere  and  DB2  that  is  not  currently 
part  of  our  environment  just  to  do  what  we 
already  do  with  Domino,"  says  Jean 
Thibodeau,  vice  president  of  information  sys¬ 
tems  for  Canam  Manac  Group,  a  Canadian 
steel  manufacturer. 

Nevertheless,  Thibodeau  says  he  will  track 
IBM's  creation  of  messaging  and  collaboration 
components.“But  until  they  get  into  the  meat 
of  [making  components  of]  Notes  and 
Domino,  we  won’t  pay  close  attention.  They 
won’t  turn  people  away  from  the  Domino  plat¬ 


form  if  the  new  platform  doesn’t  offer  much 
that  is  different.” 

Workplace  Messaging  runs  on  the  Web¬ 
Sphere  application  server,  uses  the  DB2  data¬ 
base  and  integrates  with  management  ser¬ 
vices  from  Tivoli,  each  being  a  critical  part  of 
IBM’s  middleware  platform.  Workplace 
Messaging,  which  is  a  Java  portlet,  integrates 
with  WebSphere  Portal  Server. 

Observers  expect  IBM/Lotus  to  recreate 
many  of  Domino’s  features  in  WebSphere  in 
the  near  future. 

“By  the  end  of  2004  or  early  2005,  Workplace 
Messaging  will  be  on  par  with  Domino  in 
terms  of  functionality  says  Matt  Cain,  an  ana¬ 


lyst  with  Meta  Group.  “Domino  will  exist  infi¬ 
nitely,  but  I  expect  to  see  IBM  be  more  aggres¬ 
sive  in  providing  new  components  for  the 
WebSphere  and  DB2  environment.” 

Workplace  Messaging  initially  is  basic 
e-mail.  A  calendar  component  is  scheduled 
for  later  this  year, and  the  individual  features  of 
the  software  will  eventually  be  broken  into 
smaller  portlets  such  as  in-box,  contact  lists 
and  folders  that  plug  into  WebSphere  Portal 
Server,  the  company  says. 

“We  are  building  a  model  with  a  vision  to 
have  plug-and-play  infrastructure  where  you 
pay  for  the  features  you  need,”  says  John 

See  Lotus,  page  14 


duce  gear  that  supports  Ethernet 
services  that  businesses  can  buy 
in  64K  bit/sec  increments  so  they 
don’t  have  to  pay  for  bandwidth 
they  don’t  need.  Called  Remotely 
Managed  100  Megabit  Converter, 
the  device  delivers  100M  bit/sec 
Ethernet  to  customer  sites  over  a 
fiber  link  and  then  converts  it  to 
an  electrical  signal  on  a  copper 
port  that  customers  plug  their 
Ethernet  LANs  into.  The  boxes 
won’t  be  generally  available  until 
July 

ILC,  a  maker  of  monitoring  and 
control  software,  is  set  to  intro¬ 
duce  a  platform  that  makes  it  eas¬ 
ier  to  configure  circuits  on  multi¬ 
vendor  networks  such  as  those 
being  used  to  demonstrate  up- 
and-coming  technologies.  Called 
Scenario,  the  software  determines 
what  devices  in  a  telecom  net¬ 
work  need  to  be  reconfigured  to 
set  up  a  new  circuit,  then  gener¬ 
ates  commands  that  set  up  the 
circuit.  Pricing  is  on  a  case-by- 
case  basis. 

Also  at  SuperComm: 

•  LightPainte,  maker  of  optical 
gear  that  transmits  data  through 
free  space  without  optical  fiber,  is 
set  to  introduce  a  redundant 
model  called  FlightStrata-G.A  pair 
of  the  devices  can  be  lined  up  to 
send  and  receive  laser  transmis¬ 
sions.  The  data  is  sent  simultane¬ 
ously  on  four  beams  so  if  one 
beam  is  obstructed  or  distorted 
on  the  way,  the  data  likely  will  be 
delivered  by  the  others.  The  new 
device,  which'  will  cost  $49,000, 
upgrades  the  speed  of  earlier 
LightPointe  gear  to  1G  bit/sec 
from  the  previous  high  of  155M 
bit/sec. 

•  Ericsson  is  set  to  introduce  to 
the  U.S.  DSL  gear  that  it  says  can 
increase  bandwidth  and  drop 
prices  of  DSL  business  services. 
The  company’s  mini-DSL  access 
multiplexer  (DSLAM)  supports  10 
lines  and  is  slightly  larger  than  a 
cell  phone.  It  also  supports  IP 
uplinks,  which  Ericsson  says 
reduces  the  cost  of  setting  up  DSL 
gear  in  a  telephone  company 
switching  office;  as  well  as  several 
standard  versions  of  DSL,  includ¬ 
ing  a  relatively  new  one  called 
ADSL2  that  provides  7.5M  bit/sec 
downloads  to  customers  and  3M 
bit/sec  uploads.  The  mini- 
DSLAMs  are  paired  with  custom 
Ethernet  switches  that  provide 
power  for  the  DSLAM  and  trans¬ 
port  traffic.  It  will  cost  $2,500  for 
support  of  10  lines.B 
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She’s  playing  the  best  solo  of  her  entire  career. 


into  her  sheet  music  and  changing 
all  the  notes. 
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Imagine  communications  and  IT  systems  worked  just  like  orchestras. 

No  compatibility  problems.  No  security  issues.  Just  total  flexibility  and  great  performance. 
Business  IP  -  BT’s  Global  IP  Network  offers  just  this.  It  can  help  your  people  and  business  perfi 
For  more  information  on  how  BT  can  help  bring  harmony  to  your  organization  contact  us 
on  1-800-331  4568  or  www.bt.com 
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branches  out,  Cisco’s  technology  strategy  is  shifting  from 
an  emphasis  on  individual  products  to  more  of  a  holistic 
system  approach. 

At  the  same  time,  Cisco  watchers  say  the  firm  faces  chal¬ 
lenges  as  it  transitions  to  a  more  internal  development 
model  rather  than  acquiring  technology  and  products 
elsewhere. 

EOS  everywhere 

The  cornerstone  of  Cisco’s  technology  is  its  IOS  software 
—  the  operating  system  that  runs  most  of  the  company’s 
routing  and  intelligent  switching  gear  for  corporations  and 
service  providers. 

While  the  evolution  and  expansion  of  IOS’s  role  over  the 
years  has  led  to  much  of  Cisco’s  success,  the  company 
also  might  face  a  daunting  technical  challenge:  It’s 
widely  installed, yet  it’s  15  years  old. 

“Yes,  it’s  a  monolithic  piece  of  code  that  is  sensi¬ 
tive  to  changes  and  new  additions,”  says  Joe 
McGarvey,  senior  analyst  for  carrier  infrastructure  at 
Current  Analysis.’At  the  same  time,  it  runs  through¬ 
out  its  product  line  and  is  ingrained  in  thousands  of 
environments.  It’s  sort  of  like  the  weather: There’s  no 
point  in  complaining  about  it  because  you  can’t  do 
anything  about  it.” 

Analysts  and  competitors  bash  IOS  for  being 
monolithic,  unstable  and  a  CPU  resource  hog  — 
Juniper  often  says  that  IOS  saps  wire-speed  per¬ 
formance  from  Cisco  12000-series  routers  when 
additional  software-based  services  are  turned 
on.  Meanwhile, corporate  customers  say  the  myr¬ 
iad  features  and  capabilities  constantly  being 
added  make  it  tricky  to  manage  a  large  IOS 
network. 

“in  many  ways,  IOS  is  good  in  that  it  drives 
change  in  terms  of  what  IP  networks  can  do,” says  Chris 
Lukas,  CTO  of  emerging  technologies  at  Hold  Brothers, 
a  New  York  stock  trading  firm.  But,  he  adds,  “IOS  has 
also  been  a  thorn  in  my  side.The  biggest  problem  with 
it  is  that  new  releases  aren’t  always  a  superset  of  old 
releases. Things  are  left  out  in  new  versions  that  were 
there  before.” 

Dick  Emford.lead  network  analyst  for  home-goods  man¬ 
ufacturer  Newell  Rubbermaid  in  Freeport, Ill., says, “IOS  is  a 
pretty  all-encompassing  technology  Cisco  is  rolling  every¬ 
thing  up  into  it.  As  they  start  to  roll  out  new  functions,  it’s 
kind  of  a  challenge  to  find  a  stable  version  of  IOS  that  also 
supports  all  the  other  functions  we  need. 

“We  do  regression  testing  over  and  above  what  Cisco 
recommends  for  its  IOS  releases,  and  we  try  to  minimize 
the  flavors  we  keep,”  he  says. “It’s  hard  because  every  IOS 
version  that  we  might  have  to  roll  out  might  have  five  or  six 
different  new  functions  that  we’ll  need  to  test.” 

Newell  Rubbermaid  has  more  than  500  routers  and 
switches  deployed  running  IOS  throughout  70  sites 
worldwide,  and  uses  the  software  to  help  deploy  new 
features  such  as  voice  over  IP  (VoIP)  and  localized  con¬ 
tent  caching  throughout  its  distributed  enterprise. 

The  addition  of  quality-of-service  and  VoIP  support  in  IOS 
is  something  Emford  would  like  Cisco  to  continue.  As 
Newell  Rubbermaid  rolls  out  a  nationwide  VoIP  network, 
the  tighter  voice  and  data  are  integrated  into  Cisco  prod¬ 
ucts,  the  better,  he  adds. 

Overall,  Cisco  has  been  consistent  about  integrating  IOS 
onto  new  products  to  support  more  features,  such  as 
adding  IOS  to  its  Aironet  802.1 1  access  points  for  security 
and  management  purposes,  adding  lOS-based  VoIP  capa¬ 
bilities  to  routers,  to  complement  its  Architecture  for  Voice, 
Video  and  Integrated  Data  IP  telephony  technology  and 
weaving  IOS  into  its  storage  switches  acquired  from 
Andiamo. 


Platform  expansion 

As  the  IOS  software  has  evolved  to  include  new  features, 
Cisco  has  taken  the  same  strategy  with  its  hardware  by 
adding  capabilities  to  enhance  and  extend  the  life  of  its 
existing  enterprise  product  lines. 

Much  of  Cisco’s  enterprise  WAN  and  LAN  product  strat¬ 
egy  and  development  has  involved  add-ons  to  core  plat¬ 
forms  —  such  as  the  1 700-  to  3700-series  routers,  Catalyst 
switches,  IPX  firewalls  and  VPN  concentrators.  Such  up¬ 
grades  introduce  new  features  to  a  product’s  core  func¬ 
tion  (such  as  adding  VPN  capabilities  to  a  firewall)  or 
completely  recast  the  device  (such  as  content-caching 
modules  with  hard  drives  for  WAN  routers). 

Much  of  Cisco’s  strategy  for  enterprise  hardware  rests 
on  a  few  key  platforms,  such  as  the  Catalyst  6500.  The 
switch  line  was  a  $3.3  billion  revenue  stream  for  Cisco  in 
fiscal  year  2002  —  around  40%  of  its  switch  product  rev¬ 
enue  —  and  has  brought  in  a  total  of  $1 1.4  billion  over 


The  enterprise  blueprint 

Cisco  watchers  say  the  company's  strategy  revolves 
around  several  tenets: 


•  LAN/WAN  paves  the  way:  Since  it  owns  the  LAN  pipes  in  many 
networks,  Cisco  aims  to  layer  such  services  as  voice,  video,  storage, 
wireless  and  security  on  top  of  its  base  infrastructures. 

•  Build  once,  expand  often:  Cisco  continues  to  add  functions  to 
long-standing  platforms,  such  as  the  2600-series  routers,  Catalyst 
switches  and  PIX  firewalls. 

•  lntegrate:The  firm  pushes  its  end-to-end  system  concept  with 
IOS  and  CiscoWorks  software  products,  and  proprietary 
technologies  on  its  hardware  for  network  control,  management  and 
special  features. 


the  life  of  the  product. 

“Cisco  is  trying  to  get  enterprises  to  think  of  long-term 
platforms  to  which  Cisco  can  continually  add  value,” says 
Mark  Fabbi,  vice  president  and  research  director  for 
Gartner.“The  Catalyst  6500  is  the  best  example  of  its  strat¬ 
egy  of  selling  large  chassis  that  never  have  to  be 
swapped  out.  Cisco  will  make  continuous  upgrades  with 
new  features,  but  they  never  want  it  to  open  up  to  a  plat¬ 
form  discussion.” 

Since  its  introduction  in  2000,  the  box  has  evolved  from 
a  32G  bit/sec  LAN  backbone  switch  to  a  multipurpose 
device,  capable  of  acting  as  a  WAN  router,  an  intrusion- 
detection  platform,  voice  trunking,  content  switching,  fire¬ 
wall  and  VPN  functions  as  well  as  10G  Ethernet. 

“You  may  not  need  all  capabilities  today,  but  down  the 
road  they’ll  be  handy  to  have,”  says  Zeus  Kerravala.an  ana¬ 
lyst  with  The  Yankee  Group 

Upgrades  in  switching  capacity  and  density  —  such  as 
copper  Gigabit  Ethernet  in  2000  and  10G  Ethernet  in  2001 
—  have  come  in  parallel  with  feature  upgrades,  as  the  box 
has  gone  from  32G  to  256G  bit/sec,  and  recently  a  720G 
bit/sec  backplane  was  announced. Cisco  engineers  say  the 
platform  will  be  able  to  support  40G  bit/sec  in  the  future  as 
bandwidth  demand  evolves. 

The  Catalyst  6500  continues  to  evolve  with  new  fea¬ 
tures,  upgrades  and  overhauls  every  18  months  or  so, says 
Luca  Cafiero,  senior  vice  president  and  general  manager 
for  Cisco’s  switching,  voice  and  storage  technology 
group. 

R&D  vs.  M&A 

The  consistency  of  features  across  Cisco’s  multitude  of 
enterprise  platforms  has  helped  it  become  dominant  in 
most  of  the  markets  it  plays  in.  But  some  observers  say  the 
company  is  more  of  a  technological  follower  than 
a  leader. 


“You  haven’t  noticed  any  great  new  products  from 
Cisco  as  of  late,” says  Frank  Dzubeck,  president  and  CEO 
of  Communications  Network  Architects.  “What  you  see 
are  a  great  deal  of  enhancements.They  don’t  seem  to  be 
spending  money  on  making  fundamental  breakthroughs 
in  technology” 

Hold  Brothers’  Lukas  says,  “It  bothers  me  a  little  that 
the  [Catalyst  6500],  the  PIX  and  other  key  platforms 
were  the  result  of  an  acquisition  [from  Crescendo  in 
1993] .  But  the  fact  is  that  they  are  good  products.  Cisco 
didn’t  get  their  reputation  completely  through  market¬ 
ing  and  hype.  They  earned  it.  When  the  PIX  first  came 
out,  and  some  customers  said  it  stunk,  [Cisco]  saw  the 
numbers. Then  they  went  out  and  made  a  product  that 
didn’t  suck.They  didn’t  try  to  convince  people  that  100 
million  packet/sec  was  really  400  million.  They  made 
the  PIX  do  400.” 

Cisco  says  its  research-and-development  spending  has 
outpaced  its  acquisition  spending  over  the  years. 

“There  has  always  been  a  lot  more  interest 
from  the  outside  world  in  acquisitions  .  .  .  and 
very  little  in  [research  and  development],” said 
Charlie  Giancarlo,  Cisco’s  senior  vice  president 
and  general  manager  of  product  development, 
speaking  at  a  Cisco  media  event  earlier  this 
month  on  switching  technology.  “But  R&D  has 
always  been  the  majority  of  spending  Cisco  has 
done  in  new  innovation.”  He  added  that  Cisco’s 
average  R&D  spending  of  $3.3  billion  over  the 
last  3  years  is  more  than  twice  the  amount  of  any 
of  its  competitors’. 

R&D  at  Cisco  will  focus  on  making  networks  more 
intelligent  —  or,  easier  and  less  expensive  to  man¬ 
age,  Cisco  executives  say. The  idea  of  building  a  net¬ 
work  as  a  unified,  interoperable  system  instead  of  a 
mesh  of  loosely  interconnected  boxes  was  recently 
outlined  by  Mario  Mazzola,  Cisco’s  senior  vice  pres¬ 
ident  for  development. 

In  terms  of  development  strategies  at  Cisco,  there  “is  a 
move  away  from  point  products  and  a  move  toward 
global  systems  and  solutions,  Mazzola  said.The  intention 
is  to  make  it  easier  to  integrate  different  applications, 
and  to  that  extent,  networks  are  increasing  their  level  of 
intelligence.” 

Carrying  on 

On  the  service  provider  side,  the  products  and  customers 
take  on  different  shapes,  but  the  intent  [o  move  the  market 
toward  end-to-end  IP  networks  —  that  is, Cisco  networks  — 
is  the  same. 

Cisco  is  investing  $10  billion  over  five  years  in  its  service 
provider  business,  a  sum  that  is  close  to  the  five-year  R&D 
budgets  of  telecom-only  giants  Lucent  and  Nortel. 
Key  areas  for  that  investment  are  core,  edge  and  metro¬ 
politan  IP  routers  and  switches, specifically  in  a  range  of 
interfaces  for  edge  functionality  such  as  Ethernet,  tradi¬ 
tional  TDM,  and  Layer  2  data  service  migration  to  Layer  3 
backbones. 

Roland  Acra,  Cisco  senior  vice  president  and  service 
provider  CTO,  cites  recent  improvements,  including  scala¬ 
bility,  reliability,  and  high-availability  enhancements  such 
as  nonstop  forwarding,  stateful  switchover  and  Globally 
Resilient  Internet  Protocol  capabilities. 

Metropolitan  optical  and  voice  are  areas  of  significant 
investment  for  Cisco.  Over  time,  Cisco  believes  TDM-based 
SONET  and  synchronous  digital  hierarchy  rings  will  take 
on  more  packet-oriented  capabilities.  Meanwhile,  IP  tele¬ 
phony  —  service  provider  hosting  and  management  of 
VoIP  networks  for  corporations  —  and  greenfield  public 
voice  service  infrastructures  are  the  key  drivers  in  that  cat¬ 
egory,  Acra  says. 

“You  can  see  us  team  up  with  the  cable  industry,  the 
[multiservice  operator],  to  build  broadband  voice  capa- 

See  Cisco,  page  16 
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Chip  makers  forge  voice  over  IP,  LAN  features 


■  BY  PHIL  HOCHMUTH 

Network  gear  component 
makers  are  producing  new 
chips  and  switch  fabric  tech¬ 
nologies  that  could  make  prod¬ 
ucts  such  as  IP  telephones  and 
Gigabit  LAN  switches  faster  and 
less  expensive. 

Texas  Instruments  says  its  new 
product  combines  multiple  IP 
telephony  functions  once  per¬ 
formed  on  multiple  chips  into 
one  piece  of  silicon.  This  could 
drive  the  price  of  voice-over-IP 
(VoIP)  phones  lower  than  $100, 
the  company  says.  Switch  com¬ 


ponent  maker  Ample  Communi¬ 
cations  also  is  developing  a 
chipset  for  LAN  switches  that  the 
company  says  could  more  effi¬ 
ciently  manage  total  switching 
capacity  for  high-density  copper 
Gigabit  Ethernet  ports. 

Texas  Instruments’  TNETV1050 
processor  will  let  IP  phone  makers 
such  as  Avaya,  Cisco  and  Nortel 
produce  IP  phones  with  more  fea¬ 
tures,  the  company  says. 

The  multifunction  processor’s 
features  include  a  16-bit  audio 
codec,  graphics  controllers  for  an 
LCD  display,  and  digital  signal 
processors.  Vendors  of  IP  phones 


also  can  choose  between  embed¬ 
ded  protocol  stacks  on  the 
processor,  with  support  for  the 
H.323  VoIP  call  control  protocol 
or  Session  Initiation  Protocol 
(SIP).  Texas  Instruments  says  it 
currently  ships  80%  H.323  and 
20%  SIP 

The  chip  also  includes  Ethernet 
media  access  control  support  for 
a  three-port  switch  and  USB  dri¬ 
vers  for  supporting  peripheral 
devices  attached  to  an  IP  phone, 
such  as  PDAs  and  headset  periph- 
erals.The  company  says  IP  phone 
makers  will  launch  products 
based  on  the  TNETV1050  chip  in 


Phone  chips 

About  80%  of  the  IP 
phone  chipsets  Texas 
Instruments  ships  sup¬ 
port  the  H.323  protocol, 
while  SIP  accounts  for 
around  20%. 


the  fall,  but  declined  to  say  which 
vendors. 

Meanwhile,  Ample’s  Harrier 
switch  fabric  product  could  make 
the  utilization  of  switch  band¬ 


width  more  efficient  as  more 
Gigabit  Ethernet  desktops  start  to 
hook  into  corporate  LANs. 
Ample’s  silicon  aggregates  24  10/ 
100/1000M  bit/sec  connections 
into  a  single  chip  on  a  LAN  switch 
card  or  in  a  fixed-configuration 
box.  The  company  says  its  chip 
can  manage  the  switching  capac¬ 
ity  among  varying  Ethernet 
speeds,  so  all  ports  can  run  from 
10M  to  1000M  bit/sec,  while  not 
blocking  switch  connections  with 
unnecessary  bandwidth. The  firm 
says  switch  makers  could  have 
products  using  the  technology  by 
year-end.  ■ 


Vortex 

continued  from  page  1 

including  heavy  marketing  be¬ 
hind  its  Centrino  wireless  proces¬ 
sors  and  a  $150  million  wireless 
investment  fund  —  as  a  boon  for 
the  fast-spreading  technologyAnd 
Barrett  did  nothing  at  the  show  to 
temper  Intel’s  support. 

“When  people  say  [Wi-Fi  is] 
hype,!  get  a  little  riled, ’’Barrett  said, 
noting  that  the  technology  has  paid  its  dues  in 
the  grass-roots  community  and  is  no  overnight 
sensation.“Hell,Wi-Fi  is  the  only  exciting  thing 
in  the  whole  industry’ 

Intel’s  plans  are  to  get  more  devices  in  the 
market  that  run  Centrino,  and  that  wireless 
access  will  boost  demand  for  broadband  ser¬ 
vices,  which  would  generate  sales  for  more 
powerful  computers  and  devices  with  Intel 
technology  inside. 

Barrett  said  the  opportunities  in  Wi-Fi  are 
many,  especially  for  companies  that  put  new 
wireless  data  infrastructures  in  place  and  fig¬ 
ure  out  technical  challenges  such  as  roaming. 
These  companies  don’t  need  to 
gouge  customers,  such  as  those 
vendors  charging  $10  for  ’Net 
access  at  airports,  to  make  money, 
he  said.  Wi-Fi  could  even  stimulate 
demand  for  lagging  3G  services, he 
said. 

The  intersection  of  Wi-Fi  and  cel¬ 
lular  is  key  for  supporting  voice 
and  data  needs,  Barrett  said. 

“After  25  years  of  talking  about 
convergence,  this  is  the  first  time 
we've  seen  real  evidence  of 
convergence  between  the  com¬ 
puting  world  and  communica¬ 
tions  world, "he  said. 

Cisco,  too,  is  betting  big  on  Wi-Fi  and  might 
have  carved  out  a  leadership  position  in  what 
Infonetics  Research  estimates  will  be  a  $2  bil¬ 
lion  WLAN  hardware  market  this  year. 

“We’re  investing  not  just  in  the  enterprise 
space  but  in  the  consumer  space”  with  the 
recent  Linksys  acquisition,  said  Charlie 
Giancarlo,  Cisco’s  senior  vice  president  and 
general  manager  of  product  development. 

Giancarlo  dismissed  the  efforts  by  a  group  of 


fcll'm  not  sure  what  the  business 
model  is  [for  public  Wi-Fi].  9  9 


General  Motors 
CTO  Tony  Scott 
says  it's  in  with  Wi¬ 
Fi,  out  with  propri¬ 
etary  spread  spec¬ 
trum  at  the 
automaker. 


Larry  Babbio,  Jr. 

President,  Verizon 


wireless  switch  start-ups  that  he  said  are  fail¬ 
ing  to  focus  on  what  customers  want.  He  said 
customers  want  to  greatly  simplify  wireless  in 
enterprise  networks;  they  want  to  “put  one  box 
in  the  wiring  closet  and  have  an  entire  floor 
covered  .’’Cisco  plans  to  elaborate  on  its  WLAN 
strategy  early  next  month. 

Verizon’s  Babbio  said  his  company’s  enthusi¬ 
asm  forWi-Fi  is  more  muted,  although  he  men¬ 
tioned  recently  announced  plans  to  convert 
old  pay  phones  for  use  as  Wi-Fi  hot  spots  and 
that  Verizon  Wireless  also  has  Wi-Fi  designs.  He 
said  the  pay  phone-to-Wi-Fi  service  would  be 
an  add-on  for  DSL  customers,  not  for  the  gen¬ 
eral  public. 

“I’m  not  sure  what  the  business 
model  is”  for  public  Wi-Fi,  he  said. 
“But  it’s  so  early  we  could  be  having 
a  totally  different  conversation  next 
year” 

Paul  Jacobs,  president  of  Qual¬ 
comm’s  Wireless  and  Internet 
Group,  isn’t  so  sure  wireless  carriers 
have  big  plans  for  Wi-Fi  other  than  as 
a  fill-in  technology 
“I  sort  of  feel  trapped  back  in  the 
Internet  bubble  days,"  he  said,  re¬ 
ferring  to  the  buzz  surrounding  Wi-Fi. 
When  asked  if  carriers  had  requested 
Qualcomm  to  include  Wi-Fi  support 
in  the  chips  it  builds  for  mobile  devices,  he 
replied:“They  have  not  asked  us  to  do  that.” 

But  he  said  Wi-Fi  could  be  good  for  cellular 
carriers  because  they  are  now  charging  a  flat 
rate  to  users,  and  if  they  can  get  those  paying 
customers  off  their  cellular  networks  and  onto 
Wi-Fi  networks  it  could  keep  their  cellular  sys¬ 
tems  from  getting  overburdened. 

Other  Wi-Fi  discussions  at  Vortex  included  a 
debate  between  former  IBM  Vice  President  of 


Internet  Technology  John  Patrick 
and  analyst  Peter  Bernstein  of 
Infonautics  Consulting.  Patrick  was 
charged  with  arguing  for  Wi-Fi  as 
being  the  most  disruptive  technol¬ 
ogy  since  the  Internet,  while 
Bernstein  took  the  opposite  view. 
By  show  of  applause,  the  audience 
judged  the  debate  a  draw,  appar¬ 
ently  unconvinced  by  Patrick’s 
examples  of  Wi-Fi’s  promise  and 
ability  to  reshape  social  norms. 


Wi-Fi  at  work 

Perhaps  more  persuasive  was  GM’s  Scott, 
who  said  the  automaker  spends  $3  billion  a 
year  on  IT.  Among  its  recent  projects  was 
replacing  almost  all  proprietary  spread  spec¬ 
trum  wireless  networks  with  802.11.  One 
thing  he  likes  about  Wi-Fi  is  that  it’s  a  stan¬ 
dards,  and  that  fits  into  an  approach  at  GM 
whereby  the  company  tries  to  stick  to  buy¬ 
ing  standard  technologies  to  help  simplify 
support  and  interoperability  across  its  many 
locations.  GM  also  is  looking  at  voice  over 
Wi-Fi  in  some  areas. 

Although  GM  hasn’t  experienced  huge  sur¬ 
prises  with  Wi-Fi,  Scott  said  the  company  has 
used  the  technology  in  more  places,  such  as 
quality  control,  than  originally  intended. 
However,  GM  doesn’t  quite  trust  the  technol¬ 
ogy  enough  to  support  applications  in  the 
manufacturing  process  that  involve  human 
safety,  he  said. 

Scott  cited  3G  wireless  as  the  most  over¬ 
hyped  technology  “That’s  something  we’re  not 
worrying  about,”  he  said. 

Not  that  companies  aren’t  without  worries 
about  Wi-Fi.Ted  Julian,  chief  strategist  for  secu¬ 
rity  company  Arbor  Networks,  said  Wi-Fi  “has 
some  encryption  issues”  —  so  much  so  that 
Arbor  requires  Wi-Fi  users  on  its  staff  to  come 
in  through  aVPN.B 
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Caffrey  manager  of  messaging 
solutions  for  IBM/Lotus. 

“We’re  seeing  a  tactical  move  to 
combat  Microsoft  on  price,  but 
strategically  this  is  about  a  com¬ 
ponent  approach  to  collabora¬ 
tion,”  says  Dana  Gardner,  an  ana¬ 
lyst  with  The  Yankee  Group. 

Meta  Group  estimates  that 
Microsoft  customers  pay  $1 1  per 
user  per  month  for  Exchange  as 
opposed  to  $15  to  $22  that  Lotus 
customers  pay  for  Domino. 

Microsoft  does  not  plan  to  cre¬ 
ate  a  low-cost  e-mail  platform, but 
is  offering  pricing  and  licensing 
deals  on  Exchange. 

“This  is  not  the  evolution  of 
Notes  and  Domino,  this  is  the  re¬ 
placement,”  says  Jim  Bernardo, 
product  manager  for  the  .Net 
enterprise  server  group  at  Micro¬ 
soft.  “Our  strategy  is  more  evolu¬ 
tionary  and  will  grow  out  of  the 
existing  technology’ 

For  the  past  two  years  IBM  and 
Microsoft  have  pushed  a  model 
of  contextual  collaboration, 
which  lets  collaboration  features 
be  embedded  in  other  applica¬ 
tions.  But  both  vendors  still  need 
to  deliver  native  Web  services 
interfaces. 

Clearly  providing  mail  to  desk¬ 
less  workers  is  not  the  end  game. 
The  stand-alone  messaging  mar¬ 
ket  totaled  102  million  users  in 
2001  with  only  about  15% 
labeled  as  deskless  workers, 
according  to  IDC.  By  compari¬ 
son,  Domino  and  Exchange  each 
have  more  than  100  million  cor¬ 
porate  users. 

“It’s  about  determining  what 
customers  want  in  the  right  form 
factor  and  right  functionality  It’s 
not  bulky  groupware,”  says 
Robert  Mahowald,  an  analyst 
with  IDC.B 
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Outsourcing  pitfalls 

Forging  better  outsourcing  relationships  can  save 
companies  money,  according  to  Gartner.  The  research 
firm  identifies  five  symptoms  of  a  poor  relationship: 

Wrong  expectations:  Business-unit  requirements  often  are 
misaligned  with  service  providers’  contractual  obligations. 

Poor  deal  structures:  Negotiations  assume  a  steady-state 
business  environment,  but  the  reality  is  that  business  is  constantly 
in  flux. 

Poor  communications:  Business  executives  receive  performance 
reports  they  don't  understand  and  have  little  interest  in. 

Poor  processes:  The  procedures  created  to  manage  long-term 
agreements  serve  little  practical  purpose  and  often  result  in 
unnecessary  confrontation. 

Lack  of  leadership:  Skeleton  teams  left  to  manage  complex 
deals  are  overworked,  ill-equipped  and  undervalued. 


Contracts 

continued  from  page  1 

“There  is  no  question  that  ven¬ 
dors  are  attempting  to  become 
more  flexible  in  their  pricing,” 
says  Jasmine  Noel,  principal  at 
research  firm  JNoel  Associates. 
“Users  are  in  the  driver’s  seat 
when  it  comes  to  contract 
structure.” 

It’s  not  a  new  concept,  but  it’s 
gaining  momentum, adds  Andrew 
Efstathiou,  program  manager  at 
The  Yankee  Group.  Early  examples 
of  performance-based  contracts 
are  rare  and  typically  reserved  for 
a  specific  element  of  an  outsourc¬ 
ing  contract,  Efstathiou  says.  For 
example,  both  parties  might  agree 
in  advance  that  if  a  vendor  is  able 
to  reduce  the  cost  of  service  more 
than  anticipated,  the  customer 
and  vendor  will  receive  a  portion 
of  the  savings. 

Applied  more  broadly,  a  busi¬ 
ness-performance-based  contract 
could  be  good  for  users.  “It  has 
the  potential  to  save  customers 
moneyAlso.it  has  the  opportunity 
to  reduce  business  risk  by  con¬ 
verting  fixed  costs  to  variable 
costs,”  Efstathiou  says. 

Companies  also  stand  to  gain 
greater  insight  into  the  profitabil¬ 
ity  of  business  initiatives  with  per¬ 
formance-based  contracts,  Noel 
says.“Users  can  clearly  and  direct¬ 
ly  match  the  amount  spent  on  IT 
with  a  revenue  stream,”  she  says. 
“By  doing  that,  they  can  immedi¬ 
ately  see  if  an  e-business  project 
is  really  profitable  or  not  —  and 
they  can  then  make  better  deci¬ 
sions  about  managing  their  costs 
or  offering  a  particular  service.” 

However,  taking  advantage  of 
variable-pricing  contracts  might 
require  a  change  in  IT  gover¬ 
nance,  because  most  companies 
budget  for  fixed  IT  costs.  “De¬ 
pending  on  who  the  vendor  is 
talking  to  within  an  end-user 
organization,  [ther  person]  may 
not  have  the  ability  to  accept  a 
variable-priced  contract,”  Efstath 
iou  says. 

For  example,  an  IT  manager  or 
CIO  might  be  interested  in  vari¬ 
able  pricing  but  can’t  negotiate 
for  it  because  it  doesn’t  match  up 
with  the  budgeting  process.  In 
contrast, a  CEO  or  line-of-business 
manager  with  revenue  responsi¬ 
bility  might  have  more  leeway  to 
negotiate  variable  pricing. 

“When  you’re  dealing  with  prof¬ 
it  and  loss,  if  the  revenue  doesn’t 
show  up,  then  you’re  going  to  be 
losing  money  if  you  have  fixed 
costs,"  he  says.“Being  able  to  con¬ 
vert  some  of  those  fixed  costs  to 
variable  costs  helps  you  to  main¬ 
tain  margins  regardless  of  the  vol¬ 


ume  that’s  flowing  through.  For 
people  who  have  profit-loss 
responsibility  this  type  of  arrange¬ 
ment  resonates  very  well.” 

Insuring  vendor  commitment 

Canada  Life  outsources  the 
care  of  its  Genelco  insurance 
claims  and  administration  appli¬ 
cations  system  to  IBM  in  an 
arrangement  whereby  the 
Toronto  insurer  pays  for  IT  ser¬ 
vices  that  are  based  on  the  num¬ 
ber  of  insurance  policies  on  the 
system. 

The  deal,  inked  in  March,  is  not 
a  “traditional  outsourcing  agree¬ 
ment  where  the  vendor  has  a 
vested  interest  in  having  the  cus¬ 
tomer  consume  more  technology 
so  that  it  can  make  more  money]’ 
says  Doron  Cohen,  senior  vice 
president  and  CIO  at  the  insur¬ 
ance  company 

A  traditional  technology-based 
contract  would  have  put  the  onus 
on  Canada  Life  to  second  guess 
whether  the  vendor  was  short¬ 
changing  it,  Cohen  says.  For  ex¬ 
ample,  one  executive  at  Canada 
Life  wanted  to  require  IBM  to  pro¬ 
vide  adequate  application  main¬ 
tenance  expertise  and  suggested 
a  clause  in  the  contract  that  said 
IBM  had  to  commit  six  people 
who  had  experience  with  the 
Genelco  package. 

“1  said  no,”  Cohen  says.  “The 
minute  1  contract  for  six  people.it 
becomes  my  job  to  test  them  to 
see  if  they  are  qualified.  That’s 
exactly  what  I  don’t  want  to  do.” 

In  its  arrangement  with  Canada 
Life,  IBM  is  on  the  hook  to  deliver 
results,  Cohen  says.  IBM  has  an 
incentive  to  upgrade  and  en¬ 
hance  the  services  that  the  sys¬ 
tem  provides  to  customers, 
because  the  more  policies  cus¬ 
tomers  buy  the  more  money  IBM 
makes,  he  says. 


In  addition,  service-level  agree¬ 
ments  built  into  the  contract  call 
for  IBM  to  adhere  to  a  schedule  of 
application  upgrades  and  to 
implement  code  changes  the 
insurer  specifies  within  a  prede¬ 
termined  time  period.  “I  made  it 
very  clear  to  IBM  and  to  every¬ 
body  involved:  You  will  make 
more  money  if  ,and  only  if,  we  sell 
more  policies,”  Cohen  says. 

Cohen  says  orchestrating  the 
deal  wasn’t  easy  —  it  took  seven 
months  and  several  lawyers  to 
hammer  it  out.  IBM  felt  the  deal 
left  too  many  things  open-ended, 
and  Canada  Life  staff  felt  they 
were  giving  up  too  much  control, 
Cohen  says.  “Everybody  was 
equally  uncomfortable  with  it,”  he 
says.  “So  1  had  to  fight  them  all 
and  bang  heads.” 

M^jor  League  commerce 

Noah  Garden,  senior  vice  presi¬ 
dent  of  e-commerce  at  MLB  Ad¬ 
vanced  Media,  had  an  easier  time 
ironing  out  a  contract  between 
Major  League  Baseball  and  e- 
commerce  service  provider 
Digital  River  —  particularly  be¬ 
cause  the  vendor  built  its  busi¬ 
ness  around  variable  pricing. 

“Our  whole  business  is  based 
on  a  revenue-share  model,”  says 
David  Alampi,  vice  president  of 
marketing  at  Digital  River. “So  our 
motivation  is  exactly  aligned  with 
our  client’s  motivation,  which  is  to 
grow  their  business.” 

Club  owners  voted  in  2000  to 
centralize  Major  League  Base¬ 
ball’s  Internet  operations.  Placed 
in  charge,  MLB  Advanced  Media 
farmed  out  portions  to  Digital 
River.  MLB  controls  what  mer¬ 
chandise  is  sold  on  the  league’s 
site  and  the  30  individual  teams’ 
sites,  and  how  that  merchandise 
—  about  30,000  items  —  is  priced 
and  presented. 


Since  2001,  Digital  River  has 
handled  the  transaction  side, 
including  credit  card  authoriza¬ 
tion  and  fraud  protection.  Last 
year,  Digital  River  added  cus¬ 
tomer  service  and  order  fulfill¬ 
ment  to  its  roster  of  duties. 

Outsourcing  appealed  to  MLB 
Advanced  Media,  because  the 
business  was  a  start-up  and  the 
schedule  for  launching  31  Web 
sites  was  tight.  “Essentially  we 
didn’t  really  know  what  the  size 
of  business  was,”  Garden  says. 
“And  we  were  trying  to  launch  31 
sites  in  four  months.” 

The  revenue-sharing  model  was 
a  deciding  factor  in  going  with 
Digital  River,  Garden  says.  “It’s 
been  well  documented  the  suc¬ 
cesses  and  failures  of  all  those 
companies  that  provide  these 
sorts  of  services,”  he  says.  “We 
were  not  going  to  get  into  a  rela¬ 
tionship  with  a  partner  that  didn’t 
have  skin  in  the  game.” 

The  arrangement  motivates 
Digital  River  to  keep  improving  its 
technology;  the  companies  regu¬ 
larly  brainstorm  about  new  tech¬ 
nologies  that  could  drive  sales, 
Garden  says.  “I  don’t  think  that 
happens  as  much  in  a  relation¬ 
ship  where  you  just  pay  a  vendor 
a  flat  amount  and  then  they  move 
onto  the  next  client,”  he  says. 

Utility  computing  ramp-up 

Variable  pricing  is  not  a  fit  for 
every  outsourcing  occasion.  Com¬ 
panies  with  stable  transaction  lev¬ 
els  might  not  have  much  to  gain 
by  switching  to  a  usage-based  or 
performance-based  outsourcing 
model,  he  says. 

In  addition,  there  are  technol¬ 
ogy  hurdles  to  overcome.  “It’s  a 
big  problem  to  do  this  if  you  can’t 
meter  how  much  has  been  used, 
and  if  you  can’t  price  per  transac¬ 
tion,”  Efstathiou  says. 

Still,  vendors  such  Accenture, 
Electronic  Data  Systems,  HP  and 
IBM  that  are  aggressively  pursu¬ 
ing  utility  computing  initiatives 
will  drive  adoption  of  IT  services 
priced  according  to  business 
metrics,  observers  say. 

“An  outsourcing  vendor  can 
only  make  money  on  these  deals 
if  it  can  allocate  its  internal  re¬ 
sources  in  a  flexible,  adaptable 
way?  Noel  says.“Utility  computing 
efforts  give  the  vendors  the  nuts 
and  bolts  with  which  to  create 
these  services." 

“The  whole  utility  computing 
model  plays  to  this,”  Efstathiou 
agrees.“ln  the  long  run,  a  prepon¬ 
derance  of  pricing  will  be  by 
business  transaction.”  ■ 
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bilities  since  these  guys  are 
clearly  on  the  offensive  in  that 
domain,"  Acra  says.” 

But  Cisco’s  challenge  in  further¬ 
ing  its  IP  voice  vision  is  this:  Why 
would  a  carrier  want  to  go 
through  that  when  it  has  had  a 
reliable,  revenue-generating  TDM 
infrastructure  in  place  for  close 
to  100  years? 

In  metropolitan  optical,  Cisco’s 
ONS  15454  SONET  transport  sys¬ 
tem  is  a  popular  product,  with 
more  than  900  customers  and 
30,000  systems  deployed  world¬ 
wide.  But  long-haul  optical  is 
another  story 

Observers  speculate  that  Cisco 
will  exit  the  long-haul  optical 
market  where  its  ONS  15800 
DWDM  platforms  have  lan¬ 
guished  —  one  of  the  hardest-hit 
markets  during  the  three-year 
telecom  slump. 

A  router  company  at  the  core 

Cisco  continues  to  add  high¬ 
speed  edge  capabilities  to  its 
12000  series  core  router  and 
position  its  7600  series  as  the 
platform  upgrade  for  the  8-year- 
old  and  widely  installed  7500 
series. 

In  core  routers,  Cisco’s  market 
share  in  the  fourth  quarter  of 
2002  slid  by  7%,  to  73%,  Synergy 
says.  Meanwhile,  rival  Juniper 
saw  its  core  router  revenue 
climb  nearly  40%,  accompanied 
by  a  significant  take-back  in 
market  share  from  Cisco.  Juniper 
raised  its  core  router  market 
share  7.2%,  to  24.8%,  according 
to  Synergy. 

Juniper’s  gain  might  be  attrib¬ 
utable  to  the  unveiling  of  its 
T640  core  router  last  year,  which 
boasts  terabit-level  scalability, 
support  for  40G  bit/sec  per  slot, 
and  a  five-to-seven-year  product 
lifespan,  among  other  features. 
Meanwhile,  Cisco’s  12000  series 
router  line  is  4  years  old. 

After  Cisco  unveiled  the  12400 
line  in  2001,  Juniper  began  los¬ 
ing  share  to  Cisco.  Now  it  has 
gained  some  back  as  the  indus¬ 
try  awaits  Cisco’s  new  core  offer¬ 
ing,  which  might  come  later  this 
year.  Acra  says  a  major  12000- 
series  upgrade  occurs  every 
two  years. 

“No  doubt  about  it,  the  Cisco 
12000  series  is  long  in  the  tooth," 
Current  Analysis’  McGarvey  says. 
“However,  Cisco  is  really  smart 
about  upgrading  technology  at 
the  right  time.”B 
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Grid  technology  helps  fight  SARS 

Urgent  call  answered  by  open  source  Access  Grid. 


■  BY  JENNIFER  MEARS 

As  the  number  of  suspected 
Severe  Acute  Respiratory  Syn¬ 
drome  cases  in  Taiwan  grew  last 
week,  a  group  of  vendors  was 
banding  together  to  give  hospi¬ 
tals  and  health  organizations  a 
way  to  share  possibly  lifesaving 
information. 

Taiwanese  hospitals  are  now  in 
the  process  of  deploying  Access 
Grid,  an  open  source  collabora¬ 
tion  application  that  was  de¬ 
signed  to  harness  grid  computing 
power  to  give  users  virtual  meet¬ 
ing  capabilities  that  Access  Grid 
developers  say  go  beyond  typical 
videoconferencing. 

“We  got  a  call  to  arms  over  the 
open  source  development  list  for 
Access  Grid  .  .  .  indicating  that 
there  was  an  urgent  requirement 
for  support  for  some  hospitals  that 
are  in  the  trenches  battling  SARS,” 
says  Mary  Spada,  program  manag¬ 
er, strategic  initiatives  at  the  Mathe¬ 
matics  and  Computer  Science 
Division  of  Argonne  National 
Laboratory  in  Illinois, which  devel¬ 


oped  the  Access  Grid  technology 

The  National  Center  for  High- 
Performance  Computing  in  Tai¬ 
wan  made  the  initial  request  May 
15,  indicating  an  urgent  need  for 
expertise  in  establishing  Access 
Grid  capabilities.  Access  Grid  will 
link  medical  facilities  in  Taiwan 
with  health  officials  at  the  health 
department  in  Taiwan,  the  World 
Health  Organization  in  Geneva 
and  the  Centers  for  Disease 
Control  in  Atlanta, she  says. 

“They’re  calling  it  an  emergency 
response  network,”  she  says. 

The  goal  in  Taiwan  is  to  use 
Access  Grid  to  share  X-rays  and 
medical  information  about  SARS 
patients.  An  e-mail  sent  from  the 
Pacific  Rim  Applications  and  Grid 
Middleware  Assembly  at  the 
University  of  California, San  Diego 
says  “there  are  3,000  patients, 
each  requiring  a  minimum  of  one 
X-ray  per  day  for  30  days.The  size 
of  each  file  [X-ray]  ranges  from  1 
megabyte  to  20  megabytes.” 

Access  Grid  will  create  a  secure 
repository  for  those  files  and 
“allow  doctors  remote  viewing 


Gaining  access 

Access  Grid,  an  open 
source  application  that 
enables  high-quality 
collaboration  across 
grids,  is  used  by  more  than 

175 

organizations  worldwide, 
including  universities, 
labs  and  corporations 
such  as  Ford,  IBM  and 
Johnson  &  Johnson. 


and  collaboration  of  patient  X- 
rays  and  other  information  to  pro¬ 
vide  expert  diagnosis  and  analy¬ 
sis  to  combat  the  SARS  crisis,”  the 
e-mail  says. 

Argonne  National  Laboratory 
developed  the  Access  Grid  tech¬ 
nology  in  the  late  1990s,  with 
funding  from  the  U.S.  Department 
of  Energy  Office  of  Science,  to 
take  advantage  of  emerging  grid 
computing  as  a  basis  for  distrib¬ 


uted  group  collaboration.  Access 
Grid  users  set  up  nodes  or“design 
spaces”  that  have  the  audio  and 
visual  technology  needed  to  cre¬ 
ate  a  high-quality  collaborative 
experience.  Access  Grid  provides 
remote  collaboration  with  virtual 
rooms  that  mimic  what  users 
would  have  in  face-to-face  situa¬ 
tions,  Spada  says. 

“You  have  multiple  feeds  of 
information.  Just  like  if  you  walk 
into  a  room, you  don’t  just  stare  at 
one  little  spot,  you’re  not  limited 
in  what  you  can  look  at  and  what 
you  can  touch,” she  says.“Similarly 
in  an  Access  Grid  session,  I  may 
have  a  document  up,  1  may  have  a 
Web  site  up,  I  have  lots  of  pictures 
in  front  of  me.”  And  participants 
can  zoom  in  on  where  they  want 
to  take  a  closer  look  and  see  each 
other  via  video  feeds,  she  adds.  ■ 


Servers 


Subscribe  to  our  free  newsletter. 
DocFinder:  5434  www.nwfusion.con 


Video  multicasting  without  client  mgmt. 


■  BY  JASON  MESERVE 

Start-up  Video  Furnace  is  look¬ 
ing  to  change  the  wayTV-quality 
video  is  streamed  over  an  IP 
Multicast-enabled  LAN  or  WAN 
by  delivering  the  video  to  a  PC 
without  the  need  for  a  pre¬ 
installed  player  client. 

Part  of  the  problem  with 
streaming  media  is  ensuring  that 
viewers  have  the  proper  version 
of  the  player  client  installed  on 
their  machines  for  the  format 
being  streamed.  Outdated  ver¬ 
sions  of  a  player  have  a  problem 
viewing  content  that  is  encoded 
in  newer  formats. 

Video  Furnace’s  answer  to  that 
problem  is  to  deliver  a  small 
(200K-byte)  software  player  with 
the  stream.  A  viewer  would  visit 
a  Web  page  and  click  “view 
stream,"  and  a  small  Java  applet 
would  determine  the  operating 
system  (Windows,  Linux  or 
Macintosh)  on  the  target  ma¬ 
chine.  Video  Furnace  first  down¬ 
loads  the  player  from  a  central 
server  and  then  plays  the  stream, 
usually  a  live  multicast  video, 
although  video  on  demand  also 
is  supported. 


Gable  delivery 

Northwestern 
University  estimates  it 
saved  at  least 

$12  million 
in  coaxial  cable 
installation  costs  by 
delivering  cable  TV  to  its 
dorms  using  IP  video. 


“The  player  goes  away  at  the 
end  of  the  session,”  says  Howard 
Weinzimmer,  CEO  of  Video  Fur- 
nace.'There’s  no  issues  with  mul¬ 
tiple  versions  or  browsers." 

Northwestern  University  in  Chi¬ 
cago  is  using  the  Video  Furnace 
technology  to  deliver  20  chan¬ 
nels  of  television  to  its  4,350 
undergraduate  students  living  in 
dormitories.  Instead  of  installing 
coaxial  cable  to  each  dorm  at  a 
cost  of  $2  million  or  more,  the 
university  decided  to  leverage  its 
existing  data  drops  and  Gigabit 
Ethernet  backbone  to  deliver 
video,  says  Dave  Carr,  director  of 


telecommunications  and  net¬ 
work  services. 

Carr  says  a  rack  of  20  Video 
Furnace  servers  sit  in  the 
school’s  network  operations  cen¬ 
ter,  each  encoding  a  single  chan¬ 
nel  of  television  into  MPEG-2  for 
delivery  over  the  school’s  Multi¬ 
cast-enabled  backbone.  Students 
hit  a  default  page  for  the  televi¬ 
sion  service,  click  “Watch  TV”  and 
the  player  is  downloaded  in 
about  three  to  five  seconds,  after 
which  a  default  channel  (CNN) 
comes  on  screen. 

Students  can  change  channels 
using  an  on-screen  guide  that 
provides  information  on  all 
available  channels.  The  guide 
data,  which  has  small,  video-pre- 
view  windows,  is  delivered  over 
the  standard  multicast  protocols 
using  a  proprietary  technology 
that  Video  Furnace  developed. 

Each  channel  is  delivered  at  2M 
bit/sec,  but  because  one  stream 
out  of  a  IP  Multicast  server  can 
serve  every  user,  all  20  channels 
consume  only  about  5%  of  the 
total  available  bandwidth  in  the 
school  network,  Carr  says.  He 
adds  that  the  peak  load  to  date  is 
2,700  simultaneous  viewers. 


Students  can  watch  more  than 
one  channel  at  a  time,  limited 
only  by  the  processing  capacity 
of  their  machine  and  the  avail¬ 
able  space  on  the  screen  for  mul¬ 
tiple  windows. 

When  deciding  to  deploy  the 
television  network  over  IR  North¬ 
western  looked  at  a  variety  of 
Video  Furnace  competitors,  in¬ 
cluding  V-Brick  and  Cisco’s 
IP-TV  technology 

“What  it  came  down  to  is  qual¬ 
ity  of  signal  and  ease  of  manage¬ 
ment,  both  on  the  server  and 
client  sides,”  Carr  says.  “The 
biggest  barrier  to  success  was 
client  management. We  had  a  dif¬ 
ficult  time  doing  Windows 
Media,  QuickTime  or  Real  be¬ 
cause  there  are  so  many  versions 
of  each.” 

If  a  new  player  update  is  avail¬ 
able,  the  IT  staff  can  test  it  and 
add  it  to  the  server  farm.  “The 
next  person  that  watches  TV  gets 
the  new  client,”  he  says. 

Video  Furnace’s  server  hard¬ 
ware  and  software  is  available 
for  about  $13,000.  On  the  client 
side,  a  concurrent  viewer  license 
is  available  for  between  $8  and 
$15  annually.  ■ 
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IBM  ups  mainframe  expectations 


Takes 

■  Six  weeks  after  discontinuing  its 
own  version  of  Linux,  Sun  last  week 
said  it  will  sell  and  support  all  three  of 
Red  Hat’s  Enterprise  Linux  oper¬ 
ating  systems  on  Sun  x86  server 
hardware.  The  two  companies  said 
the  deal  also  will  include  plans  for  Red 
Hat  to  distribute  Sun’s  Java  technol¬ 
ogy.  Sun  will  sell  and  support  Red  Hat 
Enterprise  Linux  AS,  Red  Hat  Enter¬ 
prise  Linux  ES  and  Red  Hat  Enter¬ 
prise  Linux  WS.  In  collaboration  with 
Red  Hat,  Sun  will  provide  global  ser¬ 
vices  and  support  for  Red  Hat  Enter¬ 
prise  Linux,  the  companies  said.  Red 
Hat  Enterprise  Linux  is  expected  to  be 
available  from  Sun  by  the  summer. 

■  EMC  enhanced  its  low-end  CX200 
storage  system  last  week  by  adding 
a  model  with  a  single  controller,  Ad¬ 
vanced  Technology  Attachment  dri¬ 
ves  and  a  60%  boost  in  performance. 
Existing  CX200  drives  now  support 
high-performance  Fibre  Channel  dri¬ 
ves  and  ATA  drives  in  one  box. 
Customers  can  use  the  Fibre 
Channel  drives  for  transactional  and 
file-based  data  and  the  ATA  for  disk- 
backup  applications.  Customers  can 
migrate  from  one  type  of  storage  to 
another  without  taking  the  system 
down.  The  CX200  now  supports  up  to 
6  terabytes  of  data.  The  company 
also  rolled  out  user-executable 
upgrades  for  Clariion  software  appli¬ 
cations  that  don’t  require  the  cus¬ 
tomer  to  take  the  system  down.  A 
108G  byte  Clariion  CX200  is  available 
for  about  $10,000. 

■  Opera  Software  announced  a  ver¬ 
sion  of  its  Web  software  aimed  at 
improving  the  Internet  messaging  and 
surfing  experience  of  Linux  users. 
Opera  7.11  is  available  on  the  open 
source  Linux  operating  system,  com¬ 
ing  after  last  week’s  release  of  a  7.11 
version  for  Microsoft  Windows.  The 
latest  version  of  Opera  for  Linux  can 
be  downloaded  from  the  company’s 
site.  With  the  new  version,  the  compa¬ 
ny  offers  an  integrated  e-mail  client 
and  e-mail  organizer,  which  automati¬ 
cally  categorizes  and  sorts  e-mail 
messages,  a  spokeswoman  said. 


■  BY  ANN  BEDNARZ  AND  JENNIFER  MEARS 

IBM’s  new  Big  Iron,  code-named  T-Rex,  is 
not  your  fathers  mainframe. 

The  zSeries  990  has  brawn  and  —  unlike 
its  predecessors  —  the  z990  is  built  to  be 
flexible.  It  can  accommodate  varied  work¬ 
loads  and  is  designed  to  respond  automat¬ 
ically  to  shifting  demands  for  computing 
power. 

Users  and  analysts  say  IBM’s  efforts  to 
make  a  mainframe  that’s  relevant  for 
today’s  enterprise  computing  requirements 
are  on  target. 

Harry  Roberts,  CIO  at  Boscov’s  Depart¬ 
ment  Stores  in  Reading,  Pa.,  says  his  com¬ 
pany  has  found  the  mainframe  ideal  for 
server  consolidation.  Boscov’s  halved  the 
number  of  systems  in  its  90system  server 
farm  by  transferring  applications  to  Linux 
running  on  the  mainframe,  Roberts  says. 

“The  T-Rex  is  the  next  step  in  the  evolu¬ 
tion  of  the  enterprise  server  and  promises 
some  even  better  performance  for  its  Linux 
applications  support,”  Roberts  says.  “This 


A  recently  announced  all-fiber-based 
switch  from  3Com  could  help  govern¬ 
ment  agencies  looking  to  deploy  secure 
fiber-based  network  infrastructures  with¬ 
out  breaking  their  IT  budgets. 

3Com’s  SuperStack  3  Switch  4400  FX 
can  be  used  to  link  end-user  PCs  or 
other  switches  in  different  LAN  seg¬ 
ments  with  multimode  fiber  connec¬ 
tions.  The  box  could  be  deployed  at 
agencies  that  handle  classified  data  and 
require  fiber  connections  for  security, 
because  data  traveling  on  fiber-optic 
cable  cannot  be  tapped  as  easily  as  cop¬ 
per,  experts  say.  Such  agencies  require 
high-density  fiber  connections  even  to 
desktops,  which  are  typically  copper- 
based  connections. 

The  SuperStack  3  Switch  4400  comes 
with  24  ports  of  100Base-FX  built  into  a 
fixed-configured,  lU-high  switch.  Each 
port  can  support  a  multimode  fiber  con¬ 
nection  and  transmit  data  more  than  1.2 
miles.  (Copper  Fast  Ethernet  ports  have  a 


isn’t  the  mainframe  of  our  youth." 

IBM’s  mainframe  has  newfound  rele¬ 
vance  for  two  main  reasons,  says  Gordon 
Haff,  senior  analyst  and  IT  adviser  at 
Illuminata.The  first  is  that  it’s  continuously 
folded  in  modern  technologies  like  Java 
Virtual  Machines  and  relational  databases 
and  TCP/IP  networking,”  he  says.The  other 
is  that  it’s  kept  the  hardware  performance 
and  capabilities  competitive  by  leveraging 
development  across  its  multiple  server 
products.” 

The  z990  won’t  change  the  fundamental 
type  of  applications  that  users  will  be  able 
to  run  on  the  mainframe,  Haff  says.  But  for 
companies  that  use  the  mainframe  to  com¬ 
bine  workloads,  the  z990  will  enable 
greater  consolidation,  he  says. 

Seeking  new  workloads 

Launched  earlier  this  month,  the  z990  is 
the  result  of  a  four-year,  $1  billion  invest¬ 
ment  in  the  zSeries  platform,  IBM  says.  It 
can  handle  nearly  three  times  the  work  of 
its  predecessor,  the  z900,  processing  up  to 


distance  limitation  of  about  1,000  feet.) 

The  Layer  2  switch  can  support  802. Ip 
packet  forwarding  prioritization  and 
802. IQ  virtual  LAN  segmenting  for  provid¬ 
ing  security  and  quality  of  service  to  vari¬ 
ous  user  groups  and  types  of  traffic. 
Multiple  4400s  can  be  stacked  and  man¬ 
aged  as  a  single  network  node. 

The  company’s  fixed  Layer  2  and  Layer  3 
products  —  which  include  copper-  and 
fiber-based  switches  —  continue  to  repre¬ 
sent  a  large  part  of  the  market,  according 
to  Synergy  Research.  Its  stackables  ac¬ 
counted  for  1 1%  of  the  $969  million  in  the 
fixed-configured  switch  market  in  the  first 
quarter  of  2003,  second  only  to  Cisco’s 
59%.  In  terms  of  price,  3Com  s  fixed  LAN 
ports  were  about  $23  per  port  last  quarter, 
less  than  half  the  cost  of  its  top  two  rivals, 
Cisco  and  Nortel. 

Cisco  and  Allied  Telesyn  are  among  sev¬ 
eral  competitors  that  make  high-density 
fiber-based  switches  aimed  at  the  govern¬ 
ment  market. 

The  SuperStack  3  Switch  4400  FX  will  be 
available  in  July  for  $4,500.  ■ 


450  million  e-business  transactions  per  day 

The  heart  of  the  z990  is  a  new,  16-chip  mul¬ 
tichip  module  (MCM)  that’s  half  the  size  of 
IBM’s  current  chip  modules  and  contains 
more  than  3.2  billion  transistors.  Built  using 
IBM’s  Silicon-on-Insulator  technology  the 
MCM  helps  account  for  the  z990’s  perfor¬ 
mance  improvements,  IBM  says. 

Brawn  aside,  IBM  says  the  real  value  of 
the  z990  is  that  it  can  handle  new  work¬ 
loads,  such  as  managing  hundreds  or 
thousands  of  virtual  Linux  servers  within 
one  box.  For  that  purpose,  the  z990  can  be 
divided  into  30  logical  partitions. 

Linux  is  an  increasingly  important  con¬ 
tributor  to  IBM’s  mainframe  business.  Ship¬ 
ments  of  Linux  on  the  mainframe  grew 
45%  between  2001  and  2002,  and  Linux  sys¬ 
tems  accounted  for  17%  of  IBM’s  main¬ 
frame  revenue  in  2002,  according 
to  Gartner. 

Today  more  than  200  IBM  mainframe  cus¬ 
tomers  have  at  least  one  Linux  application 
in  production  on  their  IBM  mainframes, 
and  more  than  400  additional  companies 
are  evaluating  or  in  the  process  of  imple¬ 
menting  production  Linux  applications, 
the  firm  says. 

In  addition  to  the  z990’s  virtualization  fea¬ 
tures,  IBM  also  emphasizes  the  systems  util¬ 
ity  computing  capabilities.  Big  Blue  has 
made  on-demand  features  a  cornerstone 
of  product  development  across  its  hard¬ 
ware,  software  and  services  lines. 

For  the  z990,  there’s  On/Off  Capacity  on 
Demand.  With  this  feature,  customers  can 
power  up  additional  server  engines. 

“The  on-demand  aspect  is  a  step  in  a 
good  direction,”  says  Fred  Betito,  a  director 
with  Levi  Strauss’  IT  Technical  Architecture 
Group.“Being  able  to  just  —  over  the  phone 
—  increase  your  capacity  is  something  that 
is  of  great  value.”  Levi  Strauss  recently 
switched  from  Unix  to  an  IBM  z900  main¬ 
frame  to  run  its  SAP  database  server. 

“The  fact  that  you  can  turn  on  and  turn 
off  processing  power  and  only  pay  for  it 
when  it  is  used  is  likely  to  be  very  interest¬ 
ing  to  large  transaction  clients,  si  nee  many 
deal  with  seasonal  demand,” says  Paul  Mer- 
curio,  senior  vice  president  and  CIO  at 
Mobil  Travel  Guide  in  Park  Ridge,  III. 

Shipping  mainframe  systems  preloaded 
with  extra  capacity  that  can  be  turned  on 
through  software  isn’t  a  new  concept  — 
IBM  was  a  pioneer  of  capacity  on  demand 
long  before  it  occurred  to  anyone  in  the 
Unix  camp,  Haff  says.“But  that  capacity  on 
demand  was  only  about  growing  capacity, 

See  T-Rex,  page  20 


3Com  boosts  fiber 
switch  to  secure  nets 


■  BY  PHIL  HOCHMUTH 
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Boasting  about  200  million  users, 
Microsoft’s  Passport  authentication 
service  is  clearly  the  800-pound  goril¬ 
la  of  so-called  “single  sign-on.”  While  Micro¬ 
soft  can,  no  doubt,  deal  with  its  current 
security  issues,  there  are  enough  other 
issues  with  the  service  that  many  users  like¬ 
ly  will  just  take  a  pass. 

Passport  is  all  about  numbers  —  large 
numbers  and  200  million  users  is  enough 
to  get  anyone’s  attention.  But  just  because 
these  millions  are  signed  up  doesn’t  mean 
that  they  are  eager  to  use  the  service  —  or 
even  use  it  frequently 
Not  surprisingly,  Microsoft  has  made 
Passport  mandatory  for  those  who  sub¬ 
scribe  to  paid  services  such  as  Microsoft 
Developer’s  Network.  Add  to  this  MSN 
Hotmail  and  MSN  Messenger  and  you’re 


No  Passport,  no 

already  into  the  many  millions.  Even 
though  the  service  is  4  years  old,  there  are 
only  about  100  sites  listed  in  the  Passport 
directory. 

And  when  you  look  closer,  you’ll  note 
that  about  one-quarter  of  those  sites  are 
owned,  in  whole  or  in  part,  by  Microsoft. 
EBay  is  a  Passport  partner  that  is  cited 
over  and  over  again.  In  the  directory,  eBay 
is  listed  a  dozen  times  —  once  for  each 
country  site.  Where  is  the  momentum 
when  after  four  years  only  about  80  non- 
Microsoft  companies  are  listed?  Why 
haven’t  more  joined? 

Large  numbers  again  play  a  role.  This 
time  it  is  the  large  number  of  dollars  that 
businesses  need  to  pay  to  experience  the 
joy  of  Passport  authentication.  According 
to  the  Microsoft  Passport  Web  site,  compa¬ 
nies  large  and  small  pay  a  yearly  “provi¬ 
sioning”  fee  of  $10,000  plus  a  “periodic 
compliance  testing  fee”  of  $1,500  (see 
www.nwfusion.com,  DocFinder:  6034). 

This  shocked  me.  While  this  is  nothing  to 
current  Passport  companies  such  as  Star- 
bucks,  USA  Today  and  NASDAQ,  it  is  not  a 


problem 

fee  that  most  small  to  midsize  businesses 
would  want  to  pay.  Microsoft  should  take  a 
lesson  from  itself  and  give  away  access  to 
gain  market  share.  Or  it  should  at  least 
establish  a  range  of  fees  to  accommodate 
smaller  companies  and  guarantee  a  cost 
cap  for  three  years. 

Using  Passport  doesn’t  eliminate  the 
need  for  a  Web  site  owner  to  write  and 
maintain  a  user  database,  it  only  elimi¬ 
nates  the  need  to  maintain  the  authenti¬ 
cation  credentials  (such  as  the  pass¬ 
word). 

All  this  aside,  we  need  to  deal  with 
whether  single  sign-on  is  a  good  idea.  For 
practical  reasons,  Passport  uses  password- 
based  authentication.  And  it  is  the  alleged 
insecure  handling  of  those  passwords  that 
has  been  the  central  theme  of  the  recent 
brouhaha  around  Passport. 

Even  resolving  the  current  issue  does 
not  fix  the  problem. The  issue  still  remains 
that  anyone  who  has  access  to  my 
Passport  password  can  access  my 
account  at  any  and  all  Passport  sites.The 
more  successful  the  service  becomes,  the 
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bigger  the  problem  a  security  breach 
would  become. 

Without  a  more  secure  authentication 
scheme  —  such  as  a  token  or  some  bio¬ 
metric  reader  —  the  password  becomes 
everything.  And  it  becomes  a  bigger  lure 
for  those  interested  in  identity  theft. 

Microsoft  brags  that  with  Passport,  “you 
can  tailor  sign-on  pages  to  match  your  site 
design,  providing  a  seamless  experience 
for  your  customer? That’s  right  —  and  pro¬ 
viding  a  perfect  setup  for  identity  theft. 

All  one  needs  to  do  is  build  a  faux  Pass¬ 
port  site,  offering,  say,  a  free  credit  report 
for  visiting  the  site,  prompt  the  user  for  his 
Passport  credentials  and  voila,  we  have 
identity  theft  that  can  be  carried  out  with 
middle-school  programming  experience. 

With  such  fundamental  problems,  it’s  no 
wonder  that  momentum  is  so  slow 
to  build. 

Tolly  is  president  of  The  Tolly  Group,  a 
strategic  consulting  and  independent  test¬ 
ing  company  in  Manasquan,  N.J.  He  can  be 
reached  at  ktolly@tolly.com. 
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not  shrinking  it,”  he  says.  “This  is  the  first 
time  that  you’ve  effectively  been  able  to 
timeshare  on  your  own  IBM  mainframe 
gear.” 

Small  shops  welcome 

On  the  services  front,  IBM  will  use  the 
z990  to  sell  computing  power  from  its 
data  centers  on  a  utility  basis  to  cus¬ 
tomers,  letting  smaller  organizations 
take  advantage  of  mainframe  resources. 
IBM  Global  Services  is  deploying  the 
z990  in  its  On  Demand  Data  Centers, 
beginning  with  its  new  Boulder,  Colo., 
facility. 

Mobil  Travel  Guide  will  be  one  of  IBM’s 


services  customers  to  migrate  to  the 
Boulder  facility.  IBM  Global  Services  pro¬ 
vides  the  travel  guide  company  with 
access  to  Linux-based  server  processing, 
storage  and  network  capacity  from  Big 
Blue’s  e-business  hosting  centers. 

Mobil  Travel  Guide  will  benefit  from  an 
improved  hardware  and  operating  system 
environment,  Mercurio  says. 

At  this  point  the  additional  processing 
power  the  z990  offers  —  such  as  the  abil¬ 
ity  to  handle  1 1,000  Secure  Sockets  Layer 
(SSL)  transactions  per  second  —  isn’t 
imperative  for  Mobil  Travel  Guide.“We  now 
have  more  headroom  than  we  are  likely  to 
need  in  our  most  aggressive  business 
plans,”  Mercurio  says.  “It  will  be  quite  a 
while  before  we  hit  11,000  secure  SSL 
transactions  per  second.” 


T-Kex  lives 

IBM’s  new  eServer  zSeries  990  mainframe  breaks  the  16-processor 
barrier  and  nearly  triples  the  performance  of  its  predecessor,  the  z900. 


e  Available  with  eight,  16, 24  or  32  processors. 

*  Runs  Linux  and  z/VM  operating  systems. 

*  Can  process  11,000  SSL  handshakes  per 

second. 

*  Offers  On/Off  Capacity  on  Demand. 

*  Compared  with  its  predecessor,  it: 

Doubles  the  number  of  logical 
partitions  to  30. 

Quadruples  the  number  of 
HiperSockets  for  creating  internal 
LANs  to  16. 

Provides  four  times  the  memory  — 
up  to  256  gigabytes. 

Provides  double  the  I/O  capacity  — 
up  to  96  gigabytes. 


But  as  a  former  technology  executive  at 
a  major  airline,  Mercurio  appreciates  what 
such  capacity  means  for  large  companies. 
“In  that  role  I  grew  to  understand  the  ever- 
increasing  demand  for  transactional  ser¬ 
vices  at  large  companies  dealing  directly 
with  individual  consumers,”  he  says.“From 


that  perspective  the  ability  to  handle  more 
than  10,000  transactions  per  second  in  a 
single  infrastructure  is  highly  appealing  to 
any  large  customer.” 

IDG  News  Service  correspondent  Robert 
McMillan  contributed  to  this  story. 


Unisys  readies  32-processor  server 

Unisys  last  week  unveiled  some  big  iron  of  its  own.  The  1,200-pound  ClearPath 
Dorado  systems  will  be  based  on  1.5GHz  or  2GHz  Intel  Xeon  processors, 
depending  on  the  configuration,  and  will  have  a  memory  capacity  of  48G 
bytes.  The  ClearPath  Plus  Dorado  Model  140  and  Dorado  Model  180  systems 
replace  Unisys’s  ClearPath  7402  and  ClearPath  7802  models,  respectively.  They  will 
serve  as  the  high-end  counterparts  to  the  ClearPath  Plus  Dorado  Model  110. 

Running  Unisys’s  OS  2200  operating  system,  the  Model  180  can  run  as  many  as  32 
processors  in  a  single  system  image  and  have  a  maximum  processing  power  of 
2,350  million  instructions  per  second  (MIPS),  according  to  Lloyd  Cohen,  research 
director  at  I  DC.  The  Model  140  will  support  up  to  16  processors,  and  its  processing 
power  will  range  between  40  and  1,650  MIPS. 

The  Model  180  also  will  include  a  "performance  redistribution"  feature  that  will  let 
administrators  decide  how  many  microprocessors  to  assign  to  any  one  application. 
“You  have  the  freedom  to  partition  the  MIPS  you  like,"  says  Mike  Hall,  program  mar¬ 
keting  manager  at  Unisys.  “You  decide  how  many  and  which  processors  to  use.” 

This  kind  of  performance  redistribution  will  optimize  applications  such  as  batch 
processing  and  real-time  computing,  according  to  Unisys. 

The  new  systems  also  can  furnish  extra  processing  capacity  on  demand,  which 
means  that  administrators  can  turn  extra  processors  on  and  off  whenever  they  find 
a  spike  in  demand,  Cohen  says.  Customers  will  be  able  to  turn  the  extra  processors 
on  for  periods  as  brief  as  24  hours. 

Unisys  also  introduced  technology  that  lets  customers  use  standards-based 
integration  to  mix  legacy  applications  with  the  rest  of  their  IT  infrastructure,  the 
company  says. 

This  software  will  be  used  to  run  new  types  of  programs,  such  as  application 
servers,  on  the  mainframe,  says  Jean  Bozman,  vice  president  at  IDC.  “They  have  to 
acknowledge  that  there  are  these  new  workloads  that  they  have  to  bring  on,  espe 
daily  as  they’re  competing  with  IBM,"  she  says. 

Pricing  and  availability  were  not  announced. 

—  Robert  McMillan 
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Fixed  content  storage  grabs  users’  attention 


■  BY  DENI  CONNOR 

Users  need  to  start  evaluating  their  options  regarding 
storage  of  fixed  content  data  now  that  analysts  have 
predicted  it  will  consume  more  than  half  of  a  cor¬ 
poration  s  storage  resources  by  2005. 

Fixed  content  storage  consists  of  data  such  as  digital 
images,  email  messages,  presentations,  video  content, 
medical  images  and  check  images  that  don’t  change  over 
time.  Unlike  transaction-based  data,  whose  usefulness  is 
short,  fixed  content  data  must  be  kept  for  long  periods  of 
time,  often  to  comply  with  retention  periods  and  provi¬ 
sions  that  government  regulations  such  as  the  Sarbanes- 
Oxley  Act  of  2002  have  specified. 

Analyst  firms  such  as  The  Yankee  Group  say  that  the 
market  for  fixed  content  data  will  grow  from  308,000  tera¬ 
bytes  this  year  to  1 ,251 ,900  terabytes  in  2006.  Enterprise 
Storage  Group  says  that  fixed  content  reference  informa¬ 
tion  will  represent  54%  of  all  data  by  2005  and  will  grow 
faster  than  that  of  traditional  transaction-based  and  file- 
oriented  storage. 

While  fixed  content  storage  consists  of  a  variety  of  data 
that  must  be  referenced  and  addressed,  it’s  a  huge  market 
nonetheless,  which  requires  some  unique  capabilities  to 
store  it  and  differentiate  it  from  short-lived  transaction- 
based  data. 

A  number  of  issues  are  driving  the  growth  of  fixed  con¬ 
tent,  analysts  say. 

“The  biggest  one  is  compliance,”  says  Jamie  Gruener.a 
senior  analyst  for  The  Yankee  Group.“Compliance  is 
multidimensional  —  not  only  do  you  need  to  save  the 
information  in  an  indexed  way, you  also  need  to  be 
able  to  access  the  information  at  a  fairly  rapid  rate.  And 
in  some  cases,  it  has  to  be  preserved  in  an  unaltered, 
unrewritable  state.” 

Other  issues  include  the  type  of  media  used  for  storing 
fixed  content  data  and  its  cost. 

WORM,  RAID  and  other  issues 

Unlike  transaction  data,  fixed  content  data  can  be 
stored  on  equipment  that  has  subsecond  access  times. 
Because  of  this,  it  has  traditionally  been  stored  on  write 
once  read  many  times  (WORM)  tape, disk  or  optical 
media  instead  of  more  expensive  spinning  disks  such  as 
RAID  arrays  from  EMC.  Hitachi,  HP,  IBM  or  Sun,  which 
transaction  data  requires. 

“Customers  need  a  different  type  of  storage  system  — 
one  that  is  able  to  handle  more  concurrent  users  and 
allow  access  to  a  point  that  makes  sense,”  Gruener  says. 
"Tape  is  going  to  be  great  if  you  are  archiving  and  don’t 
need  access  to  data,  but  there  are  compliance  regulations 
now  that  require  you  to  be  able  to  get  to  data  within  a  24- 
hour  [period.  With  tape  that  is  not  always  possible.” 

Users  are  starting  to  use  Advanced  Technology  Attach¬ 
ment  (ATA)  drives  to  store  fixed  content  data.  Commonly 
used  in  desktop  computers,  ATA  drives  are  inexpensive 
and  capable  of  writing  data  twice  as  fast  and  retrieving 
data  five  to  ten  times  as  fast  as  tape,  Enterprise  Storage 
Group  says. 

“1  hear  from  customers  about  aligning  the  storage  sys¬ 
tem  performance  and  file  access  performance  with  the 
number  of  times  it  is  accessed,"  Gruener  says.“lf  you  are 
archiving  data,  there’s  the  assumption  you  don’t  need  to 


access  that  data  every  day  because  its  archived.  But  in 
some  of  these  content  arenas,  you  will  need  to  access  the 
data  on  a  regular  basis,  and  it  needs  to  be  served  up  to 
multiple  customers.” 

Among  the  companies  deploying  fixed  content  storage 
systems  is  St. Vincent  Hospital  and  Health  Services  in 
Indianapolis.  Rich  Banta,  senior  enterprise  systems  engi¬ 
neer  at  St. Vincent,  was  confronted  with  a  growing 
amount  of  data  that  the  organization’s  McKesson  ALI 
UltraPACS  (Picture  Archiving  and  Communications 
System)  created. 

Banta  chose  a  deep  archiving  system  last  year  —  the 
StorageTek  BladeStore,  which  is  managed  by  StorageTek’s 
Application  Storage  Manager  and  saves  data,  when  it  is 
no  longer  needed,  to  libraries  that  StorageTek  Automated 
Cartridge  System  Library  Software  manages. 

“Right  now,  the  BladeStore  is  configured  for  four  tera- 


Tips  for  deployment  of 
fixed  content  storage 

•  Focus  on  the  business  problem  you  are  trying  to 
solve.  If  you  can’t  make  a  business  case  for  it,  you 
won’t  be  able  to  make  a  technology  case  for  it. 

•  Look  for  pain  points  in  the  business.  For  example, 
are  you  trying  to  overcome  the  management  of  large 
quantities  of  physical  documents? 

•  Determine  how  often  the  data  needs  to  be 
accessed  and  how  it  will  be  saved. 

•  Determine  the  access  rate  and  performance 
needed.  If  data  doesn’t  need  to  be  served  up 
often,  you  might  not  need  high  performance,  but 
something  that  will  store  the  data  for  the  required 
retention  period. 


bytes,  but  we  are  going  to  scale  it  up  to  12,”  Banta  says. 
“We  will  be  able  to  keep  about  10  to  12  months  of  our 
PACS  radiology  data  accessible  within  milliseconds.” 

He  says  that  after  a  year,  the  recall  rates  of  PACS  data 
falls  off  precipitously 

Banta  considered  archiving  such  information  on  his 
StorageTek  L700  tape  libraries  immediately  after  it  was 
scanned  into  the  PACS,  but  rejected  tape  because  of  its 
retrieval  time. 

“If  you  pull  it  off  of  tape,  whether  it’s  remote  [across  the 
network]  or  from  a  local  drive,  it’s  going  to  take  68  sec¬ 
onds,”  Banta  says. 

He  chose  StorageTek’s  BladeStore  instead,  which  uses 
ATA  drives. 

“The  ATA  drives  are  inexpensive,”  Banta  says.They  cost 
about  a  penny  a  megabyte. The  architecture  of  this  sys¬ 
tem,  including  making  two  back-up  copies  to  tape,  came 
out  to  four  cents  a  megabyte.” 

By  contrast, storing  fixed  content  to  SCSI  drives  costs  3 
to  5  cents  per  megabyte  and  Fibre  Channel  7  to  15  cents 
per  megabyte,  according  to  Giga  Information  Group. 

But  Banta  still  is  looking  for  a  system  for  long-term  stor¬ 


age  of  automated  medical  records. 

“The  BladeStore  is  not  considered  to  be  a  hard  enough 
WORM  media  for  the  authoritative  record, so  that  still 
goes  to  our  optical  FileNet  [Enterprise  Content  Manage¬ 
ment  system] ,”  Banta  says.“We  are  exploring  devices  to 
make  this  true  WORM  through  very  strict  tracking  mecha¬ 
nisms,  but  it’s  not  passing  our  muster  now. The  BladeStore 
is  simply  a  long-term  deep  archive." 

Object-oriented  storage 

Enter  Centera,  an  object-oriented  storage  system  that 
EMC  introduced  last  year. 

Traditionally, storage  is  viewed  as  either  blocks  or  files  of 
data  that  are  subject  to  being  retrieved  from  a  specific 
location  and  media  type.  Block-oriented  data  resides  on 
Fibre  Channel  storage-area  networks  and  direct-attached 
storage;  file-oriented  data  on  network-attached  storage. 

In  object-oriented  storage,  each  piece  of  data  is  repre¬ 
sented  as  an  object  and  automatically  is  assigned  a 
unique  digital  identifier  or  fingerprint.  The  fingerprint  is 
used  to  retrieve  the  object,  irrespective  of  its  location  and 
placement,  whether  on  tape,  spinning  disk  or  ATA  media. 
As  data  moves  from  disk  to  tape  during  its  life  cycle,  its  fin¬ 
gerprint,  sometimes  called  metadata,  tracks  its  location, so 
that  it  can  be  retrieved  quickly  and  so  that  related  data 
objects,  such  as  X-rays  and  test  results  for  a  patient,  can  be 
correlated  coherently 

The  same  digital  fingerprint  identifies  not  only  the  loca¬ 
tion  of  the  data  but  its  character.  For  instance,  an  X-ray 
that  is  stored  on  optical  media  could  be  associated  with 
a  keyword  in  a  document  management  system  and  from 
there  to  the  patient’s  chart  and  prescription  information. 

Robert  Terdeman, senior  vice  president  and  CTO  for 
Rogers  Medical  Intelligence  Solutions  in  New  York  City 
chose  Centera  to  store  the  volumes  of  clinical  informa¬ 
tion  Rogers  sells  to  pharmaceutical,  biotechnology  firms 
and  healthcare  professionals.  He  combines  it  with  Docu- 
mentum’s  enterprise  content  manage'ment  platform, 
which  organizes  the  data  before  handing  it  off  to  Centera 
for  storage. 

“A  lot  of  our  collateral  comes  in  on  paper, "Terdeman 
says.“We  take  it  and  extract  key  words  and  store  the  col¬ 
lateral  on  the  EMC  Centera.  We  are  constantly  asked  to  go 
back  and  look  for  this  piece  of  information  or  that  docu¬ 
ment,  and  we  can  never  throw  it  away. 

“Data  could  be  relevant  10  or  12  years  down  the  road,” 
he  says.“For  instance,  with  our  Retrospective  Data  Anal¬ 
ysis,  you  can  search  back  12  years  on  urinary  tract  infec¬ 
tions.  We  have  the  largest  repository  of  unpublished  med¬ 
ical  information  in  the  world.” 

Before  using  Centera,  Rogers  had  cabinets  of  paper 
records  that  took  hours  to  dig  through  to  extract  infor¬ 
mation. They  weren’t  easily  accessible  to  people  who 
needed  information. 

A  year  ago, Terdeman  started  to  redesign  the  informa¬ 
tion  network  for  the  company,  which  had  a  100  people 
and  was  unprofitable. 

With  Centera, Terdeman  went  from  negative  profitability 
to  “roughly  $2  million  profitability  We  reduced  the  head 
count  from  100  to  71  solely  based  on  the  implementation 
of  scanning  and  the  Centera  technology  The  five  terabytes 
of  the  Centera  was  less  than  the  fully  loaded  support  cost 
of  one  technician,”  he  says.“By  that  itself.it  was  justified."  ■ 
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Takes 

■  Hoping  to  expand  its  use  beyond 
the  desks  of  technical  users  and 
into  corporate  offices,  Microsoft 
is  adding  features  to  Visio  that  aim 
to  turn  it  into  a  business-intelli¬ 
gence  tool  and  says  a  beta  of  the 
product  will  be  available  midyear.  IT 
professionals  are  familiar  with  Visio 
and  use  the  software  for  tasks 
such  as  network  diagramming  and 
Web  site  mapping.  Microsoft  Office 
Visio  2003,  due  out  in  the  third  quar¬ 
ter,  will  have  a  host  of  new  features 
that  connect  the  application  to 
enterprise  applications  and  help 
companies  analyze  their  business 
processes,  Microsoft  says.  With 
support  for  XML  and  Microsoft’s 
.Net  Web  services  platform,  users 
will  be  able  to  tie  diagrams  to  live 
data  sources.  For  example,  changes 
made  to  a  Visio  diagram  could  be 
reflected  automatically  in  a  data¬ 
base  and  vice  versa.  Microsoft 
plans  to  start  its  first  public  Visio 
2003  beta  in  mid-  to  late  June. 

Users  can  sign  up  for  that  beta 
starting  this  week  at  www.micro 
soft.com/office/preview/visio/. 
Pricing  has  not  been  set. 

■  Next  month,  SAP  is  scheduled 

to  ship  a  new  version  of  its  supply- 
relationship  management  soft¬ 
ware  with  several  enhancements, 
including  live  auctions  and  supplier 
portals.  The  enhanced  version  of 
mySAP  SRM  will  let  customers, 
for  instance,  operate  live  auctions 
that  can  track  supplier  bids  graphi¬ 
cally  in  real  time,  the  software  com¬ 
pany  says.  The  new  release  also  will 
support  procurement  of  services, 
such  as  temporary  labor  and  con¬ 
sulting,  with  new  processes  for 
cost  management,  while  offering 
an  adaptive  user  interface  that 
could  cater  to  varying  skill  levels, 
according  to  SAP.  A  new  supplier 
portal  will  streamline  buyer-supplier 
relationships  by  facilitating  the 
ordering  process,  in  addition  to 
providing  optional  links  to  additional 
SAP  modules  for  design  and  inven¬ 
tory  collaboration.  Pricing  hasn't 
been  set. 


Apache  earning  its  stripes 

■  BY  JENNIFER  MEARS  f 


Serving  up  open  source 

Apache  is  the  most  widely  used  Web  server,  but  as  Web  servers  start 
handling  more  critical  applications,  some  issues  could  arise. 


Cons: 


•  Finding  expertise;  to  get  the  most  out 
of  the  Web  server,  you  need  an  Apache 
expert  on  staff. 

•  Challenging  to  administer,  Apache  doesn't 
offer  easy-to-use  management  tools  and 
user  interfaces  found  in  commercial 
products  (though  Covalent  provides  man¬ 
agement  tools  and  support  for  Apache). 

•  The  Microsoft  factor;  Microsoft  bundles 
IIS  with  its  operating  system. 

v _ 


•  It's  free,  a  definite  plus  in  these 
economic  times. 


•  Flexibility;  open  source  code  can  be 
easily  modified  to  meet  specific  needs. 

•  Stability;  when  issues  arise,  the  open 
source  community  responds  quickly  to 
solve  problems. 

•  Interoperability;  Apache  runs  on 
multiple  platforms. 


Apache,  the  popular  Web  server  that 
runs  a  majority  of  sites  on  the  Internet,  is 
poised  for  growth  in  enterprise  data  cen¬ 
ters  as  companies  Web-enable  business 
applications. 

“Web  servers  are  becoming  increasingly 
important  as  more  and  more  applications 
are  built  to  be  accessed  using  a  Web 
browser,”  says  Dan  Kusnetzky  vice  presi¬ 
dent  of  system  software  at  1DC,  which  pre¬ 
dicts  that  the  Web  server  software  market 
will  jump  from  $852  million  in  2002  to 
about  $1.7  billion  in  2007. 

Those  figures  don’t  include  free  soft¬ 
ware  such  as  Apache,  Kusnetzky  points 
out,  but  he  says  that  as  Linux  becomes 
more  widely  used  in  enterprise  installa¬ 
tions,  Apache  is  likely  to  be  the  Web  ser¬ 
ver  that  goes  with  it. 

In  addition,  because  Apache  runs  on 
multiple  platforms,  it  can  be  used  to  con¬ 
solidate  access  to  Web-based  applica¬ 
tions  running  on  heterogeneous  systems. 
With  other  offerings  such  as  Sun’s  Sun 
One  Web  server  and  Microsoft’s  Internet 
Information  Server,  users  typically  are 
tied  to  the  vendor’s  platforms,  Kusnetzky 
says. 


■  BY  TIM  GREENE 

Cisco  is  wheeling  out  a  smorgasbord 
of  security  upgrades  and  advanced 
threat-protection  technologies  in  an 
effort  to  help  users  integrate  security 
management. 

The  company  rolled  out  14  security- 
related  packages,  including  upgrades  to 
its  security  management  software  to  make 
it  easier  to  manage  security  and  to  sup¬ 
port  networks  consisting  of  tens  of  thou¬ 
sands  of  secure  sites.  Cisco  is  adding  a  fea¬ 
ture  it  calls  Cisco  10S  AutoSecure,  an 
option  to  lock  down  routers  quickly  via  a 
typed  command  that  disables  nonessen¬ 
tial  functions  of  the  operating  system  and 
enforces  secure  access  to  the  router. 

The  company  is  introducing  Security 
Device  Manager,  a  management  tool  to 
configure  individual  firewalls  and  VPNs 
on  the  Cisco  830  and  Cisco  3700  access 
routers.  The  software  also  can  evaluate 
router  configurations  and  recommend 
changes  that  will  boost  security. 


About  two-thirds  of  active  Web  sites  use 
Apache,  according  to  technology  tracking 
company  Netcraft.  By  contrast,  Microsoft 
accounts  for  just  one-quarter  of  Web  sites, 
and  Sun  One  has  about  1%. 

A  challenge  for  Apache  as  it  moves  into 
enterprise  data  centers,  however,  is  that  it 
doesn’t  provide  the  management  tools 
and  user  interfaces  that  companies  are 
used  to  with  commercial  products.  Cova- 


Also  on  tap  from  Cisco: 

•  CiscoWorks  Security  Information  Man¬ 
agement  Solution,  which  has  been  up¬ 
graded  to  make  it  easier  to  analyze  logs  of 
network  security  events  to  rank  the  sever¬ 
ity  of  threats  so  users  can  improve  man¬ 
agement  of  security  gear. 

•  Cisco  IP  Solution  Center  Security  Tech¬ 
nology  Module,  which  has  been  upgraded 
to  handle  management  of  tens  of  thou¬ 
sands  ofVPN  endpoints  and  firewalls.The 
software  centralizes  security  policies  for 
firewalls  and  VPNs,  and  supports  deploy¬ 
ing  and  managing  them. 

•  CiscoWorks  VPN/Security  Manage¬ 
ment  Solutions,  which  has  been  upgraded 
to  run  on  Cisco  Catalyst  6500  firewall  and 
VPN  hardware  modules.  It  can  monitor 
Cisco  IDS  intrusion-detection  software 
Version  4.0  along  with  new  Cisco  Security 
Agent  software  that  was  acquired  when 
Cisco  bought  Okena  in  January. 

•  New  cards  for  Cisco  2600  and  7200 
routers  and  Cisco  VPN  3000  concentra- 

See  Cisco,  page  25 


lent  Technologies,  a  company  formed  by  a 
group  of  Apache  developers,  is  addressing 
that  problem  by  providing  enterprise 
products  and  support  for  Apache  deploy¬ 
ments.  Its  customers  include  Johnson  & 
Johnson,  General  Electric  and  Fidelity 
Investments. 

“There  is  growing  adoption  of  Apache 
in  Fortune  1000-type  companies,  and 
those  companies  are  used  to  having 
products  that  have  an  enterprise-ready 
set  of  characteristics,”  says  John  Jack, 
CEO  of  Covalent. 

“In  other  words,  you  can  install  them, 
you  can  update  them,  you  can  manage 
them.  Those  companies  also  are  used  to 
having  an  enterprise-class  vendor  behind 
the  product  so  that  there  is  somebody  to 
call  for  support  services,  questions,  what¬ 
ever.  Covalent  provides  those  things,”  he 
says. 

Pacific  Life  Insurance  Company  in  New¬ 
port  Beach,  Calif.,  began  using  the  Apache 
Web  server  several  years  ago  to  support  a 
Web-based  version  of  its  human  resources 
application.  It  chose  Apache  because  of 
its  Unix  roots  and  because  of  the  security, 
stability  and  scalability  the  product  offers, 
says  Scott  Johnson,  assistant  vice  presi¬ 
dent  of  human  resources  technology  at 
Pacific  Life. 

As  its  Web-based  applications  have 
become  more  sophisticated  and  more 
widely  used,  however,  Pacific  Life  turned 
to  Covalent  for  help. 

“We  needed  a  vendor  that  could  ease 
the  administration  tasks  of  managing  the 
Apache  environment,”  Johnson  says. 
“Covalent  provided  us  with  an  Apache 
See  Apache,  page  25 
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In  a  recent  Dell  test,  running  Oracle®  9/ on  a  Dell  server  solution  had  anywhere  from  a  3x 
to  8x  price/performance  advantage  over  Sun’.  Whether  using  an  Intel1  Xeon”  processor-based  4P 

PowerEdge'”  6650  or  2P  PowerEdge  2650,  the  Dell  solution  was  faster  and  less  expensive  than 
a  Sun  Fire  V480  solution.  To  see  complete  test  results,  go  to  www.dell.com/migration12. 

There's  little,  if  any,  debate:  Migrating  from  UNIX  to  a  standards-based  solution  lowers  TCO.  The 
real  questions  are  "How  does  it  perform?"  "How  much  will  it  lower  TCO?"  and  "Who  do  we  turn 
to?"  Well,  when  you  migrate  to  open  standards,  remember  this:  Dell  gives  you  both  mind-bending 
performance  and  unparalleled  expertise,  at  a  TCO  so  small  you'll  need  a  microscope  to  find  it. 
And  the  entire  solution  is  backed  by  enterprise  level,  24/7  service  and  support. 


The  migration  is  on.  Find  out  how  you  can  make  the  most  of  it  for  your  organization.  Call 
1-877-440- DELL,  or  go  to  the  Dell  UNIX  Migration  online  calculator  at  www.dell.com/migration12 
to  see  how  a  Dell  solution  can  lower  your  migration  costs  and  help  simplify  the  transition. 


Get  more  out  of  your  enterprise  for  less.  Easy  as 


D*LL 


Click  www.dell.com/migration12  Call  1-877-440-DELL 

toll  free 
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I’ve  seen  a  number  of  theories  about 
just  what  the  heck  The  SCO  Group  is 
trying  to  accomplish  in  suing  IBM  for  a 
billion  dollars,  but  collecting  a  billion  dol¬ 
lars  is  not  one  of  the  believable  theories. 

The  plot  so  far  has  SCO  deciding  to  sue 
IBM  for  unfair  competition  and  breach  of 
contract. SCO  said:“lBM  made  concentrat¬ 
ed  efforts  to  improperly  destroy  the  eco¬ 
nomic  value  of  Unix,  particularly  Unix  on 
Intel,  to  benefit  IBM’s  new  Linux  services 
business." 

(As  an  aside,  having  tried  to  use  SCO’s 
Unix,  I’m  not  sure  how  IBM  could  do  a 
more  effective  job  of  destroying  the  eco¬ 
nomic  value  of  SCO  Unix  than  SCO  has 
been  doing  on  its  own.) 

SCO  says  that,  while  doing  research  to 
support  the  suit,  it  found  a  number  of 
places  where  SCO  secret  software  code 


Slime  for  sale 

was  used  in  Linux.The  company, at  least  in 
part,  blames  IBM  for  the  code  being  there. 
SCO  says  it  will  cancel  IBM’s  Unix  license, 
which  IBM  needs  in  order  to  ship  its  ver¬ 
sion  of  Unix  called  AIX,  in  the  middle  of 
June  because  of  the  violations.  Then,  in 
spite  of  claiming  that  it  is  not  out  to  de¬ 
stroy  Linux,  SCO  sent  mail  to  1,500  corpo¬ 
rate  users  of  Linux  strongly  hinting  that 
SCO  might  come  after  them  next. 

Considering  it  had  a  market  cap  of  only 
$12  million  or  so  when  it  filed  the  suit, 
SCO  is,  at  best,  showing  considerable 
chutzpah  in  asking  for  a  billion  dollars.  1 
expect  that  the  amount  was  chosen 
merely  to  attract  attention.  There  is  no 
rational  way,  without  IBM’s  alleged  activi¬ 
ties,  to  imagine  that  SCO  would  be  80 
times  its  current  size  —  considering  the 
products  that  SCO  is  trying  to  sell  and  its 
track  record  of  nonsuccess. 

The  most  believable  theory  on  SCO’s 
intentions  is  that  the  company  is  trying  to 
get  IBM  to  buy  it.  Many  folks  on  Wall  Street 
seem  to  share  this  theory  because  the 
stock  value  has  quintupled  since  the  suit 
was  filed.  Following  this  theory  the  warn¬ 


ing  letters  were  merely  a  way  to  increase 
pressure  on  IBM.  Sort  of  like  a  vandal 
spray  painting  obscene  graffiti  on  the 
homes  of  a  hated  corporation’s  board 
members. 

But  this  graffiti  is  more  like  spraying 
acid;  it  is  a  callous  effort  to  threaten 
destruction  of  Linux  as  a  bargaining  ploy. 
One  has  little  reason  these  days  to 
respect  corporate  executives,  so  this  type 
of  behavior  should  come  as  no  surprise, 
but  that  does  not  keep  one  from  feeling 
disgusted. 

I  expect  that  SCO  will  succeed  in  at  least 
part  of  its  objective.  Someone  will  pay  off 
the  slime;  it’s  cheaper  than  fighting  the 
case.  And  that  makes  me  sad  and  mad. 

Disclaimer:  Folk  at  the  Harvard  biology 
department  grow  slime,  but  the  university 
researchers  do  not  then  pay  off  the  slime 
they  grow,  nor  has  the  university  ex¬ 
pressed  an  opinion  on  this  case. 

Bradner  is  a  consultant  with  Harvard 
University's  University  Information  Sys¬ 
tems.  He  can  be  reached  at  sob@ 
sobco.  com. 


Visit  www.dell.com/migrationl2  and  go 
to  the  Dell  UNIX  Migration  online  calculator 
for  a  free  migration  assessment.  A  Dell 
UNIX  migration  solution  comes  complete 
with  end-to-end  Fast  Track  Migration 
services  covering  applications  such  as 
Oracle,  C/C++,  Sybase  to  SQL  Server, 
Java  and  a  full  range  of  Web  applications. 
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continued  from  page  23 

bundle  that  pulls  together  all  the  compo¬ 
nent  pieces  we  need  [mod_ssl,mod-ldap, 
Tomcat]  for  ease  of  installation,  manage¬ 
ment  and  third-party  support.” 

The  allure  of  Apache,  users  say,  is  its  flex¬ 
ibility  and  the  almost-obsessive  support 
from  the  open  source  community  and,  in 
these  economic  times,  its  cost  —  the 
Apache  Web  server  is  free. 

“We’d  been  using  [a  commercial  Web 
server]  for  a  couple  of  years,  and  we  just 
weren’t  happy  about  the  commercial  sup¬ 
port  we  were  getting  for  high-capacity 
sites,”  says  Mark  Kortekaas,  vice  president 
of  operations  for  CBS  Information  Systems 


Cisco 

continued  from  page  23 

tors,  which  accelerate  VPN  encryption  for 
Triple-DES  and  Advanced  Encryption 
Standard  encryption. 

•  A  new  version  of  Cisco’s  VPN  client 
software  for  PCs,  which  supports  multime¬ 
dia  applications  and  peer-to-peer  applica¬ 
tions  through  firewalls. 

•  A  new  router  card  called  Access 
Router  IDS  Network  Module,  which  han¬ 
dles  intrusion  detection  at  45M  bit/sec; 
and  a  free-standing  IDS  appliance  called 
Cisco  IDS  4215  Sensor,  which  handles  in¬ 
trusion  detection  at  80M  bit/sec  and  sup¬ 
ports  up  to  five  subnets.  Both  products 
support  Cisco  IDS  4.1  that  screens  on 
peer-to-peer  applications  that  might  be 
banned  by  corporate  policy  and  checks 
whether  operating  systems  have  been 
patched  against  known  attacks  to 


The  allure  of  Apache,  users  say,  is  its  flexibility 
and  the  almost-obsessive  support  from  the 
open  source  community. 


in  New  York. 

Kortekaas  found  the  reliability  and  sta¬ 
bility  he  was  looking  for  in  Apache  and 
runs  about  100  instances  of  Apache  to 
support  dozens  of  news  sites. 

“We  had  issues,  and  we  were  able  to 
resolve  them  using  the  open  source 
model  of  Apache  by  modifying  the  source 
code  to  handle  capacity  as  well  as  for 
some  business  needs  we  had,”  he  says. 

As  for  technical  support,  Kortekaas  says 


reduce  the  number  of  false  alarms 
it  issues. 

CiscoWorks  Security  Information  Man¬ 
agement  Solution  software  starts  at 
$40,000.  Cisco  IP  Solution  Center  Security 
Technology  Module  starts  at  $6,000. 

CiscoWorks  VPN/Security  Manage¬ 
ment  Solutions  starts  at  $8,000. The  new 
VPN  acceleration  cards  range  from 
$1,750  to  $35,000.  Cisco  Security  agent 
starts  at  $1,950.  The  Access  Router  IDS 
Module,  available  in  July,  costs  $5,000 
and  the  IDS  Sensor,  available  in  June, 
costs  $7,300.  The  rest  of  the  new  gear  is 
available  now.  ■ 


Subscribe  to  our  free  newsletter. 
DocFinder  5434  www.nwfusion.com 


when  issues  such  as  security  vulnerabilities 
are  uncovered,  Apache  is  quick  to  provide 
fixes.“We  see  patches  come  out  on  a  regu¬ 
lar  basis,”  he  says.  “We  didn’t  see  patches 
come  out  real  regularly  with  the  commer¬ 
cial  software  we  were  using.” 

Critics  say  the  trouble  with  patches  for 
open  source  software  such  as  Apache  is 
that  there  is  often  no  single  source  for  the 
patch.  It’s  also  tough  to  track  down  who  is 
using  the  software.  On  the  other  hand, 
commercial  software  vendors  are  some¬ 
times  slow  to  respond  to  problems, 
experts  say 

The  Apache  Software  Foundation  says 
it  is  focused  on  keeping  the  software 
bug-free.  Apache  2.0  has  been  updated 
seven  times  since  its  general  release 
in  April  last  year.  With  Apache  2.0,  users 
get  better  performance  thanks  to  a  num¬ 
ber  of  improvements,  including  a  new 
threading  model  and  updated  modules. 

Apache  2.0.45,  which  was  released  last 
month, “addressed  two  security  concerns: 
one  which  would  occur  if  third-party  mod¬ 
ules  did  not  correctly  use  the  Apache  API 
functions  when  calling  external  programs 
.  .  .  and  the  other  to  close  a  potential 
denial-of-service  attack,” says  Jim  Jagielski, 
a  charter  member  of  the  Apache  Software 
Foundation. 

“Development  on  Apache  is  always  pro¬ 
gressing.  As  such,  we’re  always  adding  new 
features,  tuning  performance,  closing 
bugs,”  he  says.  ■ 


Call  1-877-440-DELL  today  to  speak 
with  a  Dell  representative.  Together,  you 
can  assess  your  individual  needs  and 
then  develop  a  cost-effective  plan  for 
UNIX  migration. 
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Click  www.dell.com/migration12 
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You’ve  got  to  increase  capacity.  Boost  revenue.  Migrate  to  IP. 

And  do  it  all  over  your  existing  network.  At  lower  cost. 

No  one  leverages  your  network  investment  like  Lucent.  We  can  help  you: 

✓  Transform  your  circuit-switched  network  to  enable  new  services  such  as  IP  Centrex 
and  hosted  call  centers,  with  our  new  5E-XC'”  software. 

✓  Bring  Ethernet,  wavelength  and  storage  services  to  your  existing  SONET/SDH  network. 

✓  Leverage  your  current  Frame  Relay  and  ATM  networks  to  deliver  IP  Services 
such  as  VPN  and  managed  bandwidth. 

With  Lucent’s  Wav/s®  iOperations  software,  you  can  generate  revenue  from  new  services  without 
additional  OS  investment.  And  the  networking  experts  of  Lucent  Worldwide  Services  can  get  it 
all  working  for  you  fast.  Learn  how  at  www.lucent.com. 

Networks  that  work  smarter.  Networks  that  work  harder.™ 
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FGG  hopes  to  fuel  wireless  competition 

Recent  revisions  to  rules  bode  well  for  spectrum  sharing  in  rural  areas,  regulators  say. 


Access  to  spectrum  is  critical  to  develop¬ 
ment  of  a  wireless  broadband  platform. 


Michael  Powell 

Chairman,  FCC 


■  BY  DENISE  PAPPALARDO 

Wireless  service  providers  now  can  more 
easily  swap,  share  and  lease  spectrum, 
based  on  a  recent  FCC  move  to  revise  rules 
that  pertain  to  spectrum  ownership. 

The  commission’s  decision  earlier  this 
month  is  expected  to  result  in  better  wire- 


■  Equant  recently  announced  its  IP 
Video  Solution  service  bundle, 
which  the  company  says  includes 
everything  needed  to  support  video- 
conferencing.  The  carrier  is  teaming 
with  Cisco,  Genesys  Conferencing 
and  Polycom  to  support  its  service, 
which  runs  over  its  multinational  IP 
Multi-protocol  Label  Switching  net¬ 
work.  Cisco  is  providing  edge  routers, 
Polycom  is  providing  videoconferenc¬ 
ing  gear  and  installation,  and  Genesys 
is  providing  video-bridging  services. 
Although  Equant  would  not  provide 
exact  pricing,  it  compares  the  cost  to 
that  of  ISDN  services,  which  primarily 
are  priced  based  on  usage.  The  com¬ 
pany  says  eight  hours  or  more  use  of 
IP  Video  Solution  should  cost  less  than 
ISDN  video  service. 

■  MCI  has  won  a  U.S.  government 
contract  to  build  a  GSM  digital  cell 
phone  network  in  Iraq  as  part  of  a 
postwar  rebuilding  effort,  the  GSM 
Association  said  last  week.  The  con¬ 
tract  authorizes  MCI,  formerly  World¬ 
Com,  to  build  a  small  network  used 
mostly  for  humanitarian  relief  efforts. 
That  the  network  is  based  on  GSM  is 
"absolutely  critical,"  according  to  the 
association,  which  noted  that  many  of 
Iraq's  neighbors  and  most  of  the  Arab 
world  operate  on  the  standard.  The 
matter  of  which  wireless  technology 
would  be  used  became  a  political 
issue  when  a  California  lawmaker 
sought  reversal  of  an  Army  plan  to 
use  GSM  instead  of  Code  Division 
Multiple  Access  technology,  which  is 
more  prevalent  in  the  U.S. 


less  coverage  in  rural  areas  and  might  lead 
to  the  proliferation  of  broadband  services 
to  wireless  users  in  rural  areas  of  the  U.S. 

The  new  rules  let  carriers  lease  spec¬ 
trum  from  other  carriers  without  the 
FCC’s  involvement.Todaythe  commission 
is  actively  involved  in  the  process  of  spec¬ 
trum  sharing  between  carriers  and  has  the 
power  to  approve  or  reject  such  deals.  The 
revised  plan  eliminates  the  approval  pro¬ 
cess  and  is  expected  to  fuel  the  expansion 
of  wireless  service  availability 

“Access  to  spectrum  is  critical  to  devel¬ 
opment  of  a  wireless  broadband  platform,” 
FCC  Chairman  Michael  Powell  said  in  a 
statement. 


New  Alcatel 
quadruples 

■  BY  JIM  DUFFY 

Alcatel  last  week  unveiled  a  DSL  access 
multiplexer  that  quadruples  the  number  of 
users  that  its  current  platforms  can  sup¬ 
port,  in  addition  to  enhancing  multimedia 
service  provisioning  capabilities. 

Alcatel,  the  market  leader  in  DSLAMs, 
owned  40%  of  the  $2.25  billion  worldwide 
DSL  access  concentrator  market  last  year, 
outdistancing  the  No.  2  vendor,  NEC,  which 
had  7.5%,  according  to  Dell’Oro  Group. 

Alcatel’s  newest  box,  the  7301  Advanced 
Services  Access  Manager,  is  a  derivative  of 
Alcatel’s  widely  installed  7300  ASAM,  the 
platform  upon  which  Alcatel  says  it  has 
shipped  more  than  25  million  DSLs. 

The  7301  is  a  higher-capacity,  broader- 
service-enabling  cousin  of  the  7300  that’s 
intended  to  accommodate  growing  sub¬ 
scriber  demand  for  bandwidth-intensive 
applications  such  as  business  access  and 
residential  video  services. 

For  example,  a  single  line  on  the  7301 
ASAM  delivers  audio, video  and  data  to  up 
to  10,000  simultaneous  users,  Alcatel  says. 
This  is  a  fourfold  capacity  increase  over 
the  7300. 

This  increase  also  is  beneficial  for  DSL 
services  that  move  closer  to  users  and  into 
remote  locations,  the  company  says.  In  this 
scenario,  the  7301  lets  carriers  tap  the  small 
and  midsize  enterprise  market  by  offering 


The  revised  rules  let  a  carrier  share  spec¬ 
trum  with  other  providers.  Spectrum  shar¬ 
ing  makes  the  most  sense  in  rural  areas, 
where  a  relative  dearth  of  users  results  in 
excess  capacity  more  often  than  is  the  case 


DSLAM 
user  support 

VPN  services  over  DSL,  the  vendor  says. 

And  a  Gigabit  Ethernet  interface  on  the 
7301  provides  an  evolution  toward  aggre¬ 
gation  of  Ethernet  metropolitan-area  net¬ 
work  services,  Alcatel  says. 

The  7301  features  a  5G  bit/sec  processor 
and  a  170G  bit/sec  backplane,  and  sup¬ 
ports  1.4G  bit/sec  of  bandwidth  per  slot.  It 
also  features  a  622M  bit/sec  broadcast 
video  bus  and  a  155M  bit/sec  data  bus. 

The  dedicated  broadcast  video  bus  lets 
each  user  access  up  to  250  channels. 

Users  of  the  7300  ASAM  can  upgrade  to 
the  7301  by  swapping  out  the  network  con¬ 
troller  card  from  the  DSLAM’s  12  shelves. 
Like  the  7300,  the  7301  consists  of  12 
shelves  daisy-chained  together  through  a 
so-called  extender  card  in  each  shelf. 

“The  new  processing  and  bandwidth 
capacities  will  enable  carriers  to  acceler¬ 
ate  the  delivery  of  advanced,  comprehen¬ 
sive  DSL-based  service  packages  —  in¬ 
cluding  digital  TV/video  —  and  thereby 
compete  more  effectively  with  their  chief 
rivals,  the  cable  operators,”  says  Erik  Keith, 
a  senior  analyst  at  Current  Analysis. 

“While  certainly  a  dramatic  enhance¬ 
ment  for  the  7300  series,  [it]  is  still  an 
ATM-centric  solution  that  rival  DSLAM 
vendors  may  attempt  to  position  as  not 
truly  future-proof,  since  many  carriers  are 
deploying  IP-based  DSLAM  systems,” 
Keith  says.  ■ 


in  most  metropolitan  areas. 

Because  spectrum  owners  now  are  per¬ 
mitted  to  lease  portions  of  their  networks 
to  other  service  providers  or  even  users, 
owners  will  be  able  to  get  the  most  out  of 
their  investments.  Users  who  reside  in  or 
travel  to  rural  areas  also  are  expected  to 
benefit  in  a  couple  of  ways.  Soon,  users  in 
less-populated  areas  should  have  a  hand¬ 
ful  of  wireless  service  providers  to  chose 
from  instead  of  just  one,  which  currently  is 
the  case  in  many  rural  areas. 

Large  enterprise  users  also  will  be  able  to 
lease  spectrum  either  in  areas  where  they 
have  many  employees  or  where  they  might 
be  supporting  an  event  over  a  week  to  a 
few  months. 

As  more  spectrum  becomes  available  in 
highly  populated  areas,  the  revised  rules 
also  would  benefit  carriers  and  users  in 
larger  cities,  says  Roger  Entner,  an  analyst 
at  The  Yankee  Group. 

Small  service  providers  would  be  able 
to  lease  spectrum  from  larger  carriers 
that  have  deeper  pockets  and  can  afford 
to  buy  more  spectrum  in  upcoming  auc¬ 
tions,  he  says. 

The  rules  apply  to  a  variety  of  wireless 
spectrums,  including  fixed  wireless  Local 
Multipoint  Distribution  Service  and 
mobile  Personal  Communication  Service 
spectrum. 

While  several  providers,  including  Sprint 
PCS  and  AT&T  Wireless,  support  the  FCC’s 
move  to  add  more  flexibility  into  spectrum¬ 
sharing  issues,  most  are  withholding  com¬ 
ment  until  the  FCC  makes  specific  guide¬ 
lines  available  to  the  public. 

The  new  rules  “should  provide  increased 
access  to  spectrum  for  consumers  whose 
carriers  had  been  spectrum-con- 
strained,  leading  to  fewer  dropped  calls 
and  improved  quality  of  service,”  says 
Tom  Wheeler,  president  and  CEO  at  the 
Cellular  Telecommunications  &  Internet 
Association,  an  industry  group  represent¬ 
ing  wireless  service  providers.  ■ 
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Why  net  execs  are  poised  to  be  industry  leaders 


Regular  readers  know  I’m  a  big  fan  of 
Lou  Gerstner,  former  IBM  CEO  and 
engineer  of  Big  Blue’s  turnaround 
from  technology  has-been  to  e-business 
leader  in  the  ’90s.  He’s  got  great  common 


sense  and  wonderful  perspective  because 
he  approaches  the  computer  industry  as 
an  outsider  (he  worked  at  McKinsey, 
Nabisco  and  American  Express  before 
joining  IBM). 
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In  his  book  about  the  IBM  turnaround 

—  Who  Says  Elephants  Can't  Dance?  — 
Gerstner  says:  “What  I  was  totally  unpre¬ 
pared  for  were  the  characters  and  bizarre 
practices  of  the  computer  industry” 

Characters? That  would  be  Larry  Ellison. 
Bill  Gates,  Scott  McNealy,  Steve  Jobs. Yeah, 
“characters”  is  a  diplomatic  way  of  de¬ 
scribing  that  crew. 

What  are  these  bizarre  practices?  Front 
and  center,  Gerstner  highlights  the  lack  of 
common  standards  across  the  computer 
industry,  particularly  in  software.  While 
recognizing  the  advances  we’ve  made 
with  coding  specs  like  Java,  Java  2 
Enterprise  Edition,  XML  and  the  like,  he 
marvels  at  our  industry’s  focus  on  propri¬ 
etary  way-cool  technology  enhancements 
over  specs  or  standards.  Keep  in  mind 
Gerstner  is  talking  about  the  computer 
industry,  not  the  network  industry  (from 
an  outsider’s  perspective  they’re  all  the 
same).  He  raises  an  excellent  point  — 
with  major  implications  for  network  exec¬ 
utives  everywhere. 

Here’s  why:  In  most  organizations,  the 
“infrastructure”  group  usually  ends  up 
being  run  by  executives  with  a  back¬ 
ground  in  networks.  These  are  the  individ¬ 
uals  who’ve  spent  their  careers  making 
crotchety  and  cantankerous  systems  work 
together.  And  the  art  of  making  disparate 
systems  work  together  will  truly  end  up  re 
shaping  industry  in  the  21st  century. 

Historically,  CIOs  and  CTOs  came  from 
either  an  applications  or  a  systems  back¬ 
ground.  Applications  people  specialize  in 
masterminding  colossal  projects  involv¬ 
ing  hundreds  of  people  and  millions  of 
moving  parts.  Systems  folk  focus  on  learn¬ 
ing  the  black  arts  of  keeping  sophisticated 
engines  well  tuned.  Both  skills  are  impor¬ 
tant.  But  they  don’t  necessarily  result  in 
solutions  that  are  seamless  and  open, 
which  is  what  IT  will  need  to  be  in  the 
coming  years  and  decades. 

If  Gerstner  is  right  —  and  I  believe  he  is 

—  that  the  lack  of  effective  standards  is 
one  of  the  biggest  weaknesses  in  the  IT  in¬ 
dustry,  the  people  who  have  the  best  track 
record  in  integrating  disparate  systems  are 
the  ones  best-equipped  to  deal  with  the 
challenge.  Overall,  I  expect  that  an  in¬ 
creasing  percentage  of  CIOs  and  CTOs 
will  come  from  an  infrastructure  (read: 
networking)  background. 

As  companies  rethink  the  power  of  the 
Web  and  connectivity  to  optimize  their 
own  business  networks  linking  customers, 
suppliers  and  partners,  the  individuals  with 
the  greatest  insight,  vision  and  perspective 
will  be  CIOs  and  CTOs  with  networking 
backgrounds  and  business  savvy.  These 
individuals  will  be  able  to  help  their  com¬ 
panies  reinvent  their  business  processes 
and  business  networks.  And  in  the  process, 
they’ll  reinvent  industry 

Johnson  is  president  and  chief  research 
officer  at  Nemertes  Research,  an  indepen¬ 
dent  technology  research  firm.  She  can  be 
reached  at  johna@nemertes.com 
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SERVICES  AND  STRATEGIES 
FOR  TYING  TELEWORKERS  TO  THE  ENTERPRISE 


Providers  entice  with  experimentation 


■  BY  TONI  KISTNER  AND  JIM  DUFFY 

After  a  long  winter,  Cox  Communica¬ 
tions,  BellSouth,  Verizon  and  Comcast 
have  sprung  up  new  services,  and  re¬ 
vamped  packages  and  experimental 
offerings  your  teleworkers  will  want  to 
know  about. 

With  an  eye  toward  improving  customer 
experience  and  cutting  costs,  Cox  has 
partnered  with  Motive  to  offer  Motives 
self-installation  and  autoprovisioning  ser¬ 
vices  to  its  cable  Internet  customers.  The 
new  service,  available  in  some  Cox  mar¬ 
kets  now,  with  more  coming  over  time,  lets 
new  customers  handle  cable  service  acti¬ 
vation  on  the  desktop  and  autoprovision¬ 
ing  on  the  network  by  communicating 
directly  with  Cox’s  support  systems. 

“There’s  been  a  trend  in  the  cable  indus¬ 
try  —  and  some  in  the  DSL  space  —  to  try 
to  get  to  a  dial-up  ISP  model,  where  they 
send  fulfillment  packages  to  anyone  and 
you  don’t  have  to  wait  a  week  to  get 
online"  says  Sanjay  Castelino,  Motive’s 
director  of  product  marketing. 

With  Motive’s  SmartActivation  software 
in  place,  new  subscribers  can  buy  a  cable 
modem  at  the  store,  bring  it  home  and 
plug  it  in.  For  users  with  older  PCs 
(Windows  98  and  up)  that  have  never 
been  connected  to  the  Web,  Cox  provides 
a  CD  that  configures  network  settings, 


Takes 

■  Toshiba  recently  announced  it 
would  embed  Jungo  Software 
Technologies’  OpenRG  software 
into  its  upcoming  PCX4500  Wireless 
Cable  Modem  Router.  The  PCX 
4500  will  include  Ethernet  and  USB 
ports,  802.11b  wireless  technology  and 
a  stateful  packet  inspection  firewall. 
Jungo’s  software  will  let  service  pro¬ 
viders  remotely  provision  and  manage 
the  device  and  others  on  customers’ 
home  networks. 

■  Netgear  has  added  a  USB  adapter 
and  wireless  Ethernet  bridge  to  its  line 
of  802.11b  wireless  gear.  The  size  of  a 
pack  of  chewing  gum,  the  MA111 


enables  the  TCP/IP  stack  and  installs  USB 
drivers  and  the  like.  Users  with  a  Windows 
XP  system  simply  open  a  browser.  Next, 
users  are  redirected  to  a  Web  page  on 
Cox’s  site  that  collects  and  authenticates 
subscriber  information,  registers  the  sub¬ 
scriber  with  the  appropriate  back-end  sys¬ 
tems  based  on  level  of  service,  and  com¬ 
municates  with  provisioning  systems  to 
activate  the  cable  modem  on  the  network. 
On  the  desktop,  SmartActivation  config¬ 
ures  the  ISP  and  e-mail  clients  and  appli¬ 
cation  settings. 

“We’re  able  to  take  someone  from  a  new 
modem  all  the  way  to  current  active  pay¬ 
ing  subscriber  in  one  step,”  Castelino  says. 

In  April,  BellSouth  launched  a  service 
that  lets  customers  access  their  corporate 
VPNs  over  a  variety  of  dedicated  connec¬ 
tions.  Serving  the  Southeast,  Managed 
Network  VPN  service  works  over  Bell- 
South’s  Multi-protocol  Label  Switching 
network.  Customers  can  set  up  remote 
access  to  their  VPNs  using  DSL,  and  dedi¬ 
cated  IP  or  frame  relay  connections. 
BellSouth  uses  its  private  IP  network  to 
support  the  service,  which  the  carrier  says 
adds  an  additional  level  of  security.  For 
customers  who  want  to  access  the 
Internet  through  a  VPN,  BellSouth  offers 
an  integrated  firewall. 

The  VPN  service  costs  $100  per  month, 
per  site,  for  DSL  access  and  up  to  $1,000 


Wireless  USB  Adapter  is  ideal  for 
impromptu  hot  spot  connections. 
Aimed  at  gamers  and  entertainment 
buffs,  the  ME101  802.11b  Wireless 
Ethernet  Bridge  lets  users  add 
Ethernet  devices  such  as  gaming 
consoles,  Internet  radio  shelf  sys¬ 
tems  and  digital  video  recorders  to  a 
wireless  network.  The  adapter  costs 
$85;  the  bridge  costs  $99. 

■  Alpha  Software  last  week 
announced  the  Home/Personal 
Edition  of  its  Alpha  Five  Version  5 
Windows  relational  database  and 
application  building  tool.  The  soft¬ 
ware  lets  you  track,  report  and 
manage  information  about  people, 
projects,  images,  equipment  or  facil¬ 
ities.  The  Home  edition  costs  $99 
and  is  compatible  with  the  full  ver¬ 
sion,  which  costs  $349. 


per  month,  per  site,  for  frame  relay  at  T-3, 
45M  bit/sec  speeds.  Existing  BellSouth 
DSL  and  fractional  T-l  customers  can  add 
the  service  for  an  additional  $15  to  $20 
per  month,  per  user. 

Verizon  this  month  made  several 
announcements  aimed  at  residential  and 
small-business  DSL  users.  For  mobile  and 
remote  workers,  Verizon  plans  to  roll  out 
Wi-Fi  hot  spots  to  1,000  pay  phones  in 
New  York  City.  This  will  let  Verizon  Online 
DSL  customers  who  have  laptops  or  hand¬ 
helds  access  the  Internet  within  300  feet 
of  such  phones.  To  date,  Verizon  has  acti¬ 
vated  150  hot  spots,  with  plans  to  increase 
to  1,000  by  year-end. 

The  carrier  also  cut  the  monthly  rate 
for  its  consumer  DSL  service  from  $49.95 
to  $34.95,  and  the  rate  of  its  small-busi¬ 
ness  service  by  $10  to  $59.95  and  $89.95, 
depending  on  the  type  of  DSL  service 
they  buy  Residential  users  of  Verizon’s 
Freedom  local  and  long-distance  bundle 
benefit  from  a  $5  price  cut,  from  $34.95 
to  $29.95,  and  Freedom  for  Business 
packages  now  offer  a  20%  discount. 
Moreover,  Verizon  has  increased  the 
downstream  speed  from  768K  bit/sec  to 
1.5M  bit/sec. 

Also  new  is  the  bundling  of  Microsoft’s 
MSN  8.0  with  Verizon’s  DSL  service.  The 
software  includes  shared  browser  technol¬ 
ogy  advanced  parental  controls,  e-mail 
virus  protection,  research  and  learning 
tools,  financial  management  software,  and 
photo  posting  and  editing.  Soon,  Verizon 
will  begin  offering  its  Digital  Companion 
service,  which  will  let  customers  integrate 
calendars,  address  books  and  to-do  lists 
with  caller  ID  tracking,  call  dialing  and 
forwarding. 

“With  the  DSL  guys  getting  so  much 
cheaper,  you  have  to  wonder  whether 
cable  is  still  worth  the  extra  $10  a  month” 
says  Michael  Harris,  president  of  research 
firm  Kinetic  Strategies.  “The  cable  guys 
think  yes  by  default.” 

Aiming  to  make  the  value  of  cable  ser¬ 
vices  clear,  Comcast  is  rolling  out  what  it 
hopes  is  the  killer  entertainment  applica¬ 
tion.  In  conjunction  with  Samsung  and 
Ucentric,  the  cable  provider  recently 
announced  the  first  field  trials  for  multi- 
TV  personal  video  recording  service.  To 
be  conducted  with  Comcast’s  Phila- 
delphia-area  subscribers  this  summer,  the 
service  will  let  users  extend  digital 
recording  capabilities  to  multiple  TVs  in 
the  home.  Users  can  select  and  control 


tpbroadb; 


video  recordings  of  programs  from  a  sin¬ 
gle  recording  library  shared  among  mul¬ 
tiple  TVs.  The  network  consists  of  a 
Samsung  digital  set-top  box  running 
Ucentric’s  software,  and  CD-player-sized 
devices  attached  to  each  TV 

The  Ucentric  software  also  lets  cable 
providers  offer  other  services,  such  as  a 
music  jukebox  and  photo  album.  Pricing 
plans  have  not  been  announced. 

“For  Comcast,  making  the  core  enter¬ 
tainment  service  robust  and  compelling  is 
a  top  priority’  Harris  says.  ■ 


More  online! 

Go  online  for  a  comparative  chart  of  these 
service  providers'  offerings. 
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At  the  touch  of  a  button,  users  can  now  save  lost  data. 
Not  to  mention  time  and  sleep. 

Everyone  makes  mistakes,  but  not  everyone  can  undo  them.  Now,  thanks  to  Rapid 
Restore"*'  PC  software  preloaded  on  ThinkPad"’  notebooks,  you  can  do  just  that. 
Simply  press  F11  and  you're  able  to  launch  a  recovery  program  which  rescues 
previously  saved  versions  of  lost  data,  applications  and  operating  systems.  You're 
back  on  track  in  no  time.  And  to  boost  confidence  further,  there’s  the  outstanding 
mobile  performance  of  new  Intel  Centrino'M  mobile  technology  (on  select  models). 
It’s  a  foolproof  way  to  do  your  best  work.  And  put  your  best  foot  forward. 


think  confidence 


Best  blend  of  ThinkPad  portability  and  essential  features 

IBM  ThinkPad  R40e 

Distinctive  Features: 

•  Access  IBM  —  Easy  access  to  online2  and  on-system  information 

•  IBM  Rapid  Restore  PC  —  Managed  data-recovery  solution 

System  Specifications: 

•  Intel®  Mobile  Celeron® processor  1 ,70GHz 

•  13.3'  XGA  TFT  display 

•  Integrated  video  graphics 

•  128MB  DDR  SDRAM  std/IGB  max 

•  20GB  hard  drive' 

•  CD-ROM 

•  Microsoft®  Windows*  XP  Professional3 

•  2.5-hr  Li-Ion  battery3 

•  6.0-lb  travel  weight5 

•  1-yr  system/battery  limited  warranty6 

$949*  □  NavCode™  268422U-M517 

With  Microsoft*  Office  XP  Small  Business7  $1 ,078 

ServicePac®  Service  Upgrade: 

3-yr  onsite/9x5/ 

Next  Business  Day  Response8  (#30L9195)  $243 


Perfect  balance  of  performance  and  portability 

IBM  ThinkPad  T40 

Distinctive  Features: 

•  Hard  Disk  Drive  Shock  Absorber  —  Offers  protection 
for  the  hard  drive 

•  IBM  Embedded  Security  Subsystem  2,0  (requires 
download  of  security  software  from  IBM) 

System  Specifications: 

•  Intel®  Centrino™  mobile  technology 

-  Intel®  Pentium*  M  Processor  1 ,30GHz  supports 
Enhanced  Intel  SpeedStep®  technology9 

-  Intel®  PRO  Wireless  Network  Connection  802.11b'0 

•  14.1"  XGA  TFT  display 

•  32MB  ATI®  Mobility  Radeon™  7500  AGP4X  graphics 

•  256MB  DDR  SDRAM  std/2GB  max 

•  30GB  hard  drive 

•  Ultrabay™  Slim  CD-RW/DVD-ROM  combo 

•  Microsoft®  Windows®  XP  Professional3 

•  5.0-hr  Li-Ion  battery 

•  4.5-lb  travel  weight 

•  3-yr  system/1-yr  battery  limited  warranty6 

s2,179  n  NavCode™  237319U-M517 

With  Microsoft®  Office  XP  Small  Business  $2,308 

ServicePac®  Service  Upgrade: 

5-yr  onsite/9x5/ 

Next  Business  Day  Response  (#69P9200)  $449 


Powerful  and  competitively  priced 
desktop  replacement 

IBM  ThinkPad  G40 

Distinctive  Features: 

•  4  USB  2.0  ports  for  added  connectivity 

•  Inclined  keyboard  for  ergonomic  extended  use 

System  Specifications: 

•  Intel®  Pentium®  4  processor  2.40GHz’2 

•  14.1"  XGA  TFT  display 

•  32MB  Integrated  Intel®  Extreme  Graphics 

•  256MB  DDR  SDRAM  std/IGB  max 

•  20GB  hard  drive 

•  DVD-ROM 

•  Microsoft®  Windows®  XP  Professional 

•  2.0-hr  Li-Ion  battery 

•  7.0-lb  travel  weight 

•  1-yr  system/battery  limited  warranty6 

$1 ,349  H  NavCode™  23882MU-M5 17 

With  Microsoft®  Office  XP  Small  Business  $1 ,478 

ServicePac®  Service  Upgrade: 

4-yr  onsite/9x5/ 

Next  Business  Day  Response  (I69P9194)  $399 


Extreme  mobility  in  a  small  and  light  ultraportable 

IBM  ThinkPad  X31 

Distinctive  Features: 

•  CompactFlash,  FireWire  and  2  USB  2.0  ports  for 
easy  connections  to  peripherals 

•  IBM  Embedded  Security  Subsystem  2.0 

System  Specifications: 

•  Intel®  Centrino™  mobile  technology 

-  Intel®  Pentium®  M  Processor  1 ,40GHz  supports 
Enhanced  Intel  SpeedStep®  technology9 

-  Intel®  PRO  Wireless  Network  Connection  802.11b"1 

•  12.1”  XGA  TFT  display 

•  16MB  ATI  Mobility  Radeon  7000  AGP4X  graphics 

•  256MB  DDR  SDRAM  std/IGB  max 

•  40GB  hard  drive 

•  Microsoft®  Windows®  XP  Professional 

•  5.5-hr  Li-Ion  battery 

•  3.6-lb  travel  weight 

•  3-yr  system/1  -yr  battery  limited  warranty6 

$2,229  n  NavCode™  2672CBU-M5 17 
With  Microsoft®  Office  XP  Small  Business  $2,358 

ServicePac® Service  Upgrade: 

4-yr  onsite/9x5/ 

Next  Business  Day  Response  (I69P9198)  $299 


IBM  ThinkPad  Upgrades 

256MB  CL2.5  DDR  SDRAM 

SODIMM  Memory  (#10K0030)  $54 

IBM  Wireless  Networking  Options 

IBM  High  Rate  Wireless  LAN 

Mini-PCI  adapter  (#22P7701 )  $109 

Cisco  Aironet  802.11b  Mini-PCI 

(wireless  upgradable 

models  only)  (#31P8301)  $109 

Linksys  Wireless  Dual  Band  Router 
(wireless  upgradable 

models  only)  (#22P7131)  $220 

ThinkPad  Notebook  Accessories 

Belkin  Travel  Surge  Protector 

and  retractable  phone  cord  (#22P71 27)  $20 

GemPlus  GemPC400  Smart  Card 

Reader  from  IBM  (#31 P8901)  $75 

Targus  DEFCON  PC  Card 

Fingerprint  Reader  (#31 P6763)  $175 

ThinkPad  Port  Replicator  II  (#74P6733)  $179 

Lexmark  X51 50  All-in-One  (#22P7149)  $160 

IBM  Portable  USB  2.0  Hard  Drive 

with  Rapid  Restore  (#09N4211)  $289 


Upgrade  your  system  with 
Microsoft®  Office  XP  Small  Business 
to  Microsoft®  Office  XP  Professional 
with  Publisher. 


1  866  426-6504  I  ibm.com/shop/m517 

Save  on  shipping,  order  online1.' 


IBM  recommends  Microsoft®  Windows®  XP  Professional  for  Business. 

Warranty  Information:  For  a  copy  of  applicable  product  warranties,  write  to:  Warranty  Information,  P.0.  Box  12195,  RTP,  NC  2/709.  Attn:  Dept.  JDJA/B203.  IBM  makes  no  representation  or  warranty  regaraing  third-party  products  or  services.  ’Prices  do  not  include  tax  or  shipping  and  are  subject  to  change  without  notice. 
Reseller  prices  may  vary.  ’GB  =  1,000.000,000  bytes  when  referring  to  storage  capacity.  Accessible  capacity  is  less;  up  to  3GB  is  used  in  service  partition.  'Requires  Internet  access  account;  not  included.  ‘Some  software  may  differ  from  its  retail  version  (il  available)  and  may  not  include  user  manuals  or  all  program 
functionality  Software  license  agreements  may  apply.  These  model  numbers  achieved  eTesting  Labs,  Inc.’s  BatteryMark™  4.0.1  or  the  Ziff  Davis  Media,  Inc.’s  Business  Winstone*  2002  BatteryMark  Version  1.0  Battery  Rundown  Time  of  at  least  the  time  shown.  This  test  was  performed  without  independent  verification  by 
the  VeriTest  testing  division  of  Lionbridge  Technologies,  Inc.  ("VeriTest")  or  Ziff  Davis  Media.  Inc.;  neither  Ziff  Davis  Media,  Inc.,  nor  VeriTest  makes  any  representations  or  warranties  as  to  these  test  results.  Winstone  is  a  registered  trademark  and  BatteryMark  is  a  trademark  of  Ziff  Davis  Publishing  Holdings,  Inc.,  in  the 
U.S.  and  other  countries  A  description  of  the  environment  under  which  the  test  was  performed  is  available  at  ibrncon^w/lhinkpid/ballerylile  Battery  life  (and  recharge  times)  will  vary  based  on  many  factors  including  screen  brightness,  applications,  features,  power  management,  battery  conditioning  and  other  customer 
preferences.  Includes  battery  and  optional  travel  bezel  instead  of  standard  optical  drive  in  Ultrabay  bay,  if  applicable;  weight  may  vary  due  to  vendor  components,  manufacturing  process  and  options.  Thinness  may  vary  at  certain  poinls  on  the  system.  ‘Telephone  support  may  be  subject  to  additional  charges.  For  onsite 
labor,  IBM  will  attempt  to  diagnose  and  resolve  the  problem  remotely  before  sending  a  technician  ’Certain  Microsoft®  software  product(s)  included  with  this  computer  may  use  technological  measures  lor  copy  protection.  IN  SUCH  EVENT,  YOU  WILL  NOT  BE  ABLE  TO  USE  THE  PRODUCT  IF  YOU  DO  NOT  FULLY  COMPLY 
WITH  THE  PRODUCT  ACTIVATION  PROCEDURES  Product  activation  procedures  and  Microsoft’s  privacy  policy  will  be  detailed  during  initial  launch  of  the  product,  or  upon  certain  reinstallations  of  the  software  product(s)  or  reconfigurations  ol  the  computer  and  may  be  completed  by  Internet  or  telephone  (toll  charges  may 
apply).  These  services  are  available  for  machines  normally  used  for  business,  professional  or  trade  purposes,  rather  than  personal,  family  or  household  purposes.  Not  all  machine  types  and  models  are  covered.  Service  period  begins  with  the  equipment  date  of  purchase.  Service  must  be  purchased  during  the  original 
limited  product  warranty  period  Service  levels  are  response-time  objectives  and  are  not  guarantees.  A  service  technician  is  scheduled  to  arrive  at  your  location  within  two  or  four  business  hours  or  the  next  business  day  (depending  on  service)  after  remote  problem  determination  is  completed  For  the  9x5x4-hour  service, 
calls  dispatched  alter  1 00  pm  local  time,  you  can  expect  the  service  technician  to  arrive  by  the  morning  of  the  next  business  day.  For  noncritical  service  requests,  a  service  technician  will  arrive  by  the  end  ol  the  following  business  day.  II  the  machine  problem  turns  out  to  be  a  Customer  Replaceable  Unit  (CRU).  IBM  wili 
express  ship  the  part  to  you  for  quick  replacement  Onsite  24x7x2-hour  service  is  not  available  in  all  locations.  External  peripherals,  such  as  racks,  tape  drives  and  channel  controllers,  require  their  own,  separate  service  coverage;  they  are  not  covered  under  the  attached  Machine.  Service  activation  is  required  immediately 
following  purchase.  For  ThinkPad  notebooks  requiring  LCD  or  other  component  replacement,  IBM  may  choose  to  perform  service  at  the  depot  repair  center.  For  failing  non-IBM  components,  customer  must  provide  replacement  part  unless  IBM  has  a  Technical  Support  Agreement  with  the  manufacturer  Service  does  not 
cover  accessories,  supply  items  and  certain  parts  such  as  batteries,  frames  and  covers.  ‘With  Intel  SpeedStep,  processor  speed  may  be  reduced  to  conserve  battery  power.  “Based  on  IEEE  802.1 1b.  This  wireless  LAN  product  has  been  designed  to  permit  legal  operation  worldwide  in  regions  in  which  it  is  approved.  Operation 
on  channels  12-14  is  not  permitted  in  all  regulatory  regions  ol  the  world.  Consequently,  the  wireless  LAN  feature  is  limited  to  operate  on  channels  1-1 1  and  will  not  support  channels  1 2, 13  and  1 4.  This  product  has  been  tested  and  certified  to  be  interoperable  by  the  Wireless  Ethernet  Compatibility  Alliance  and  is  authorized 
to  carry  the  Wi-Fi  logo  ‘Standard  shipping  incloded  when  you  order  online.  U.S.  only.  “Power  management  features  reduce  processor  speed  when  in  battery  mode.  IBM  reserves  the  right  to  alter  product  offerings  and  specifications  at  any  lime,  without  notice  IBM  is  not  responsible  lor  photographic  or  typographic  errors 
All  IBM  product  names  are  registered  trademarks  or  trademarks  ol  International  Business  Machines  Corporation  in  the  U.S.  and  other  countries.  Lotus  and  SmartSuite  are  registered  trademarks  of  Lotus  Development  Corporation,  an  IBM  company.  Intel.  Intel  Inside,  the  Intel  Inside  logo,  Celeron,  Centrino  and  Pentium  are 
trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  U.S  and  other  countries.  Microsoft  and  Windows  are  trademarks  or  registered  trademarks  of  Microsoft  Corporation.  Other  company,  product  and  service  names  may  be  trademarks  or  service  marks  ol  others.  ©  2003  IBM  Corp.  Ail  rights  reserved 


The  switch  that  adapts 
to  any  environment. 

And  always  will. 


Introducing  the  Matrix™  N-Series 

Scalability  and  security  adapted  to  your  enterprise. 


Because  your  needs  change  so  often,  you 
need  a  switch  that  can  keep  up.  That’s  the 
revolutionary  new  Matrix  N-Series.  Thanks 
to  an  exclusive  distributed  architecture— 
where  all  switching  and  control  functions 
reside  on  each  module — the  N-Series  lets 
you  cost-effectively  add  bandwidth,  users  and 
applications  on  the  fly.  And  no  other  switch 
offers  such  a  low  entry  cost. 

A  wide  range  of  secure  connectivity 
options  means  the  Matrix  N-Series  will 
scale  to  support  converged  applications 


like  video  streaming,  VoIP  and  more  without 
expensive  upgrades.  With  unsurpassed 
reliability,  flexibility  and  investment 
protection,  the  N-Series  js  a  key  component 
to  any  Business-Driven  Network .  ™ 

Now  and  always. 

For  a  FREE  whitepaper  on  the  Matrix 
N-Series  and  Multilayer  Packet  Classification, 
go  to  enterasys.com/nw/n-series 
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Security  tor  todays  workforce 


An  editonal  supplement  to  Network  World 


www.nwfusion.com/supp /security03 


perspective 
on  digital 
identities 


You  can  build  it,  you  can  buy  it, 
but  you  can’t  escape  the  need 
for  identity  management. 


M  BY  PAUL  DESMOND 

teel  manufacturer  Nucor  cre¬ 
ated  its  own  intranet-based 
identity  management  system. 
T.  Rowe  Price  brought  identi¬ 
ty  management  to  customer 
Web  sites  using  a  Web-based  access  man¬ 
agement  tool.  Syracuse  University  opted 


for  a  provisioning  tool  to  deal  with  its 
twice-a-year  onslaught  of  new  students 
who  need  digital  identities.Three  user 
organizations  with  three  business  prob¬ 
lems  illustrate  a  single  salient  fact:  More 
than  one  way  exists  to  tackle  identity 
management. 
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Identity  management  involves  dealing  with  individuals 
in  an  online  world.  Ideally  it  provides  a  single  view  of 
every  individual  across  IT  systems  throughout  the  organi¬ 
zation.  Experts  agree  that  the  problem  is  the  same 
whether  those  individuals  are  employees,  customers  or 
business  partners.The  goal  is  to  “understand  who  you’re 
working  with  and  what  they  need,” says  Joe  Duffy  global 
leader  of  PricewaterhouseCooper’s  (PWC)  Security  and 
Privacy  Practice. 

What  follows  is  a  guide  to  help  achieve  that  goal.  Duffy 
describes  the  process:  Evaluate  your  business  objectives 
and  the  existing  directory  structure,  including  number  of 
applications,  users,  attributes,  roles  and  rules.  Next,  devise 
an  architecture  and  project  plan  to  meet  the  objectives, 
choosing  among  technologies  such  as  authentication, 
authorization,  provisioning  and  Web  access  manage¬ 
ment  tools.  (If  the  problem  is  differentiating  your  “gold” 
customers  from  the  rest,  for  example,  a  Web  access  man¬ 
agement  tool  might  be  the  right  choice.)  Then,  deter¬ 
mine  the  order  to  tie  the  various  applications  into  the 
new  structure,  stage  each  application,  test  it  and  launch 
it.  Ideally, you’ll  accomplish  all  that  and  be  demonstrat¬ 
ing  significant  ROI  within  a  year. 

Identify  the  problem 

This  road  map  wasn’t  as  straightforward  when  T.  Rowe 
Price  first  thought  about  identity  management  in  1998, 
says  Kirk  Kness.vice  president  with  the  firm’s  Investment 
Technologies  group  in  Baltimore.  Back  then,  there 
weren’t  many  tools  to  help  with  the  problem,  and  those 
that  did  exist  were  in  their  nascent  stages. 

The  business  problem,  however,  was  clear. T.  Rowe  Price 
had  a  number  of  financial  tools  —  report  generators, 
calculators  and  the  like  —  that  it  wanted  to  provide  on¬ 
line  to  its  institutional  investment  clients.“If  we  made 
them  log  on  five  different  times  to  do  what  they  wanted, 
it  wasn’t  going  to  go  over  well,”  he  says. 

Other  companies  have  to  delve  deeper  to  pinpoint 
their  identity  issues,  says  Roberta  Witty  research  director 
for  information  security  strategies  at  Gartner.  Is  it  an  ex¬ 
ternal  or  internal  security  problem?  Is  there  an  adminis¬ 
trative  issue,  such  as  too  many  help  desk  calls  for  pass¬ 
word  problems?  Are  you  looking  to  reduce  total  cost  of 
ownership  (TCO)  for  access  control?  Are  federal  regula¬ 
tions  forcing  you  to  examine  your  security  infrastruc¬ 
ture?  All  these  questions  will  help  determine  the  kind  of 
solution  you  need,  Witty  says. 

About  two  years  ago,  CUNA  Mutual  Group,  which  pro¬ 
vides  financial  services  to  credit  unions,  was  looking  at 


how  to  bring  more  of  its  300  products  and  services 
online.  An  analysis  turned  up  125  directories  that  held 
credentials  and  other  data  about  internal  employees, 
credit  union  employees  and  members  who  used  CUNA 
Mutual’s  systems.“Whenever  you  do  any  kind  of  IT  anal¬ 
ysis  and  find  you  have  125  of  something, you've  obviously 
got  room  for  improvement,” says  Steve  Devoti,  directory 
services  manager  for  the  company,  in  Madison, Wis.“You 
can’t  have  125  directories  and  no  plan.” 

American  Express  encountered  an  identity  manage¬ 
ment  problem  as  it  rolled  out  Web  services  with  busi¬ 
ness  partners,  says  Michael  Barrett,  vice  president  for 
Internet  technology  strategy  for  the  Phoenix  company. 
“From  a  business  perspective,  the  Web  service  was  sta¬ 
ble,  but  the  implementation  was  radically  different  each 
time,”  he  says. 

The  problem  was  that  each  partner  company  had  a 
different  way  of  handling  security,  including  authentica¬ 
tion  and  authorization. “We  looked  around  for  standards 
and  there  weren’t  an>(  he  says,  a  fact  that  became  an 
impetus  for  the  company’s  involvement  in  the  Liberty 
Alliance,  an  industry  group  devising  a  strategy  for  feder¬ 
ated  identity  management  that  Barrett  heads. 

Devising  a  directory  strategy 

Most  identity  management  strategies  start  with  some 
form  of  directory  services  integration,  says  Kevin  Kamp- 
man,  senior  consultant  with  Burton  Group. The  idea  is 
to  have  a  single  “authoritative  source”  for  each  piece  of 
data.  Multiple  authoritative  sources  might  be  associated 
with  the  same  individual,  depending  on  the  data  in 
question.  For  example,  the  human  resources  applica¬ 
tion  would  be  the  authoritative  source  for  fiduciary 
employee  records,  while  Active  Directory  holds  e-mail 
addresses. 

One  option  is  a  metadirectory,  which  brings  a  consoli¬ 
dated  view  of  data  in  various  directories  in  the  corpora¬ 
tion.  Largely  homogeneous  organizations  might  imple¬ 
ment  an  all-encompassing  enterprise  directory,  but  it’s 
unlikely  you’ll  ever  get  down  to  just  one. 

“In  theory,  you  can  make  one  authoritative  source,  but 
in  practice  you  can’t.  Applications  such  as  PeopleSoft 
and  SAP  are  still  going  to  have  their  database,”  PWC’s 
Duffy  says.The  idea  of  this  mongo  directory  in  the  sky 
just  defies  how  business  works.” 

That’s  the  conclusion  Syracuse  University  came  to 
after  embarking  on  its  identity  management  quest  in 
the  fall  of  2001,  says  Gary  McGinnis,  director  of  client 
services  for  the  upstate  New  York  school’s  computing 


and  media  unit. The  university  determined  that  it  never 
would  have  a  single,  monolithic  network  operating  sys¬ 
tem  so  it  decided  to  keep  the  directories  linked  to  its 
three  major  operating  systems:  NetWare,  Unix  and 
Windows.Syracu.se  implemented  Sun’s  iPlanet 
Directory  Server  to  create  a  master  directory  to  authen¬ 
ticate  users,  but  keep  authorization  data  specific  to  var¬ 
ious  applications  in  the  operating  system  directories.  A 
provisioning  tool  from  Business  Layers  detects  changes 
in  the  master  database,  then  pushes  the  changes  to  any 
other  directories  where  that  user  exists. 

Creating  the  master  directory  required  four  to  six 
weeks  of  painstaking  manual  effort,  considering  the 
school’s  largest  directory  holds  records  for  more  than 
30,000  individuals.  While  computers  easily  could  find 
identity  discrepancies  among  existing  directories,  IT  per¬ 
sonnel  had  to  resolve  the  discrepancies,  which  in  some 
cases  meant  getting  in  touch  with  the  users  directly 

Bringing  in  the  apps 

With  the  directory  in  order,  integrating  applications  can 
begin.  Mark  Ford,  principal  with  Deloitte  &  Touche  Secur¬ 
ity  Services  Group,  says  organizations  that  make  a  con¬ 
certed  effort  to  Web-enable  their  applications  have  a 
much  easier  go  of  it  because  they’ve  got  a  standard  inter¬ 
face  to  deal  with:  the  browser. That  enables  organizations 
to  implement  a  single,  centralized  authentication  and 
authorization  engine  that  any  Web  application  can  use. 

“For  folks  like  me,  a  former  security  officer,  it’s  almost 
the  Holy  Grail  because  you’re  really  getting  back  to  that 
mainframe  model  where  you  have  centralized  access 
management,”  Ford  says. 

Centralized  access  management  can  be  implemented 
in  a  number  of  ways,  but  generally,  when  a  user 
attempts  to  log  on  to  a  Web  application,  the  logon  re¬ 
quest  is  routed  to  the  access  management  engine. There 
the  user  is  properly  authenticated,  with  at  least  a  user- 
name  and  password.  Often  some  form  of  software-based 
security  token  that  denotes  the  user’s  credentials  is  then 
passed  to  the  application.  Should  the  user  later  want  to 
access  other  applications,  the  token  can  be  shuttled 
around  as  necessary  behind  the  scenes, so  the  user 
doesn’t  have  to  log  on  to  each  new  application. 

A  number  of  vendors,  including  IBM,  Netegrity  and 
Oblix,sell  Web  access  management  products  that  pro¬ 
vide  authorization. T.  Rowe  Price  uses  IBM  Tivoli  Access 
Manager,  and  CUNA  Mutual  uses  Oblix’s  NetPoint. 

While  such  systems  easily  can  hook  into  Web-based 
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Identity  management  road  map 


Analysts  at  Deloitte  &  Touche  envision  this  as  the  path  most 
enterprises  will  take  on  an  identity  management  journey. 
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user  identities 
into  a  central¬ 
ized  repository. 


Integrated  auth¬ 
oritative  source 

Populate  the  identity 
repository  from  HR, 
CRM  or  other  auth¬ 
oritative  sources. 


Enterprise 
identity  role 
architecture 

Define  user  roles 
and  policies. 


User 

provisioning 

Use  identity  to 
provision  appli¬ 
cation  and  ser- 


Access 

management 

Provide  authori¬ 
zation  and  authen¬ 
tication  of  users. 


Portal 

Through  single  sign- 
on  to  a  portal,  give 
access  to  Web  con¬ 
tent  and  applications 
based  on  identity. 


Strong 

authentication 

Support  encryption, 
PK1,  biometrics  or 
smart  cards  for  stron¬ 
ger  authentication. 


Federated 

identity 

Create  one  identity 
for  each  user,  en¬ 
abled  across  the 
extended  enterprise. 
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WPA  (Wi-Fi  Protected  Access) 

TK1P  (Temporal  Key  Integrity  Protocol) 

Dynamic  Key  Exchange 
48-bit  Initialization  Vector 
Message  Integrity  Check  (MIC) 

IEEE  802.1x  Authentication 

EAP-MD5/TLS/TTLS 

MAC  Address  Filtering 
256-bit  WEP  Encryption 
IPSec  VPN  Over  Wireless 
168-bit  3DES  Encryption 
ESSID  Broadcast  Enable/Disable  Switch 
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2  VPN  Tunnel  Firewall  Router 
with  Wireless  LAN 


ZyWALl  10W  ZyAIR  B-  20  0  0 

10  VPN  Tunnel  Firewall  Router  Wireless  LAN  Gateway 
with  Wireless  Ready  LAN  with  4-port  Switch 


ZyXEL  offers  highly  secure  wireless  devices  to  protect  users  against  network  vulnerabilities.  Standard  features  including  IEEE 
802.  lx  user  authentication,  WEP  encryption  and  MAC  address  filtering  make  ZyXEL's  affordable  line  of  wireless  VPN/Firewalls  and 
wireless  routers  the  ultimate  line  of  defense  against  unwanted  network  access  through  the  wireless  LAN.  Designed  specifically 
for  the  SOHO  and  SMB  markets,  ZyXEL  wireless  networking  products  offer  total  freedom  without  sacrificing  security. 


Whether  your  application  calls  for  a  basic  firewall  solution  for  a  small  office,  Secured  Wireless  Networks,  or  to  provide  VPN 
connectivity  for  up  to  100  offices  and  telecommuters,  ZyXEL's  ZyWALL  and  ZyAIR  series  offer  a  full  range  of  products  tailored  to 
your  needs. 


For  more  informat  on  or  to  locate  a  ZyXEL 
Authorized  Dealer  near  you,  contact  us  at: 


us.zyxel.com/network 
sales@zyxel.com  or  800.255.4101 


All  specifications  are  subject  to  change  without  notice 
COPYRIGHT  2003  ZyXEL  Communications  Inc  All  rights  Reserved. 
ZyWALL  and  ZyAIR  are  registered  trademarks  of  ZyXEL  Communications  Inc 
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ROI  equations 


As  always,  cost  is  a  consideration  in  the  buy  vs.  build  argument. 


Depending  on  the  size  of  the  implementa¬ 
tion,  prices  vary  widely  for  provisioning 
tools,  which  automate  the  issuing  and 
revocation  of  user  accounts.  When  Burton  Group 
last  surveyed  the  landscape  last  summer,  costs 
were  around  $25  per  seat.  “We  think  that  number 
has  dropped  by  half -in  some  cases,”  says  Kevin 
Kampman,  senior  consultant  with  Burton  Group. 

Gartner  puts  the  price  of  provisioning  tools  at  $84 
per  seat,  before  discounts.  "I  would  take  30%  to 
$40%  off  that,  at  least,”  says  Roberta  Witty, 
research  director  for  information  security  strate¬ 
gies  at  the  consultancy.  “Prices  are  trending  down.” 
Integration  costs,  however,  run  about  two  to  six 
times  the  license  cost,  she  says,  depending  on  how 
much  business  automation  and  customization 
you’re  after. 

Costs  for  Web  access  management  tools,  which 
manage  user  authentication  for  Web-based  re¬ 
sources,  are  far  less,  but  just  as  varied.  Witty  says 
software  prices  range  from  about  $10  per  user  in  a 
15,000-user  implementation  to  about  25  cents  per 
user  for  a  rollout  with  millions  of  users.  Integration 
fees  will  cost  two  to  four  times  the  software  li¬ 
cense  price. 

But  more  important  than  what  you  might  pay  for 
Web  access  management  or  provisioning  tools  is 
the  value  you  can  get  from  them.  “You  have  to  fig¬ 
ure  out  what  the  business  costs  are  and  what  the 
revenue  opportunities  are,  then  calibrate  the 
amount  you’re  prepared  to  spend  to  get  the  cost 
savings  or  revenue  gain,"  says  Michael  Barrett, 
vice  president  for  Internet  technology  strategy  for 
American  Express  in  Phoenix.  “I  don’t  think 
at  its  most  general  level  it’s  any  dif¬ 
ferent  from  that." 

It’s  simplest  to  make  an  ROI 
case  for  provisioning  tools, 
experts  say.  For  starters, 
such  tools  routinely  come 
with  password-manage¬ 
ment  functions  that  let 
users  reset  their  pass¬ 
words,  dramatically  reduc¬ 
ing  calls  to  the  help  desk. 

For  example,  Syracuse  Uni¬ 
versity  students  can  now 
activate  via  the  Web  their 
accounts,  modify  and  maintain 
their  passwords  using  a  chal¬ 
lenge/response  system,  and  man 
age  their  e-mail  preferences. 

The  Business  Layers  implemen 
tation  further  reduces  IT  adniinis 
trative  costs  by  automating  the 
account-generation  process. 

Once  a  new  student  is  fully  reg 
istered  and  entered  into  the 
school’s  PeopleSoft  system, 

Business  Layers  picks  up  on 
the  change  and  triggers  a 
series  of  steps  to  set  up  new 
accounts  for  the  student.  “In 
the  past,  we’d  generate 
those  accounts  by  hand, 
once  in  the  fall  and  once  in 
January  for  winter,”  says 


re  online! 
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Gary  McGinnis,  director  of  client  services  for 
Syracuse’s  computing  and  media  unit.  "Now  it's 
automated,  not  done  in  batch  mode  like  it  used 
to  be." 

Mark  Ford,  principal  with  Deloitte  &Touche  Secu¬ 
rity  Services  Group,  agrees  that  the  return  on  a 
provisioning  investment  is  rapid.  “You  need  fewer 
administrators  and  you  strengthen  security  be¬ 
cause  you  automate  the  process  of  giving  out 
access  as  well  as  taking  it  away,  so  there  are  fewer 
orphaned  or  latent  accounts,"  he  says.  But  unless 
such  account  automation  is  one  of  the  core  busi¬ 
ness  problems,  it  might  be  more  beneficial  to  turn 
to  a  less-expensive  access  management  engine, 
because,  Ford  adds,  “the  longer-term  ROI  comes 
from  Web  access  management.” 

Access  management  engines  can  reduce  applica¬ 
tion  development  costs  dramatically  because  devel¬ 
opers  can  use  the  central  security  engine  rather 
than  building  authorization  functions  into  each 
application.  And  Web  access  management  tools 
also  generally  have  the  self-service  password  man¬ 
agement  functions  built  in. 

Kirk  Kness,  vice  president  withT.  Rowe  Price’s 
Investment  Technologies  group  in  Baltimore,  is  reluc¬ 
tant  to  give  out  numbers,  but  says  the  ROI  on  its 
Web-based  access  management  project  was  "ex¬ 
tremely  significant." 

“The  ramp-up  costs  were  high  —  this  cost  us  a 
couple  million  bucks  to  get  in  place,”  he  says,  not¬ 
ing  that  costs  have  since  come  down.  "But  we  fig¬ 
ure  we  saved  at  least  eight  weeks'  worth  of  devel¬ 
opment  work,  if  not  more,  on  every  project  we’ve 
done  in  the  last  three  years."  With  150  applica¬ 
tions  now  taking  advantage  of  the  IBM 
Tivoli  Access  Manager  engine, 
those  costs  add  up.  At  the  same 
time,  the  number  of  calls  to  the 
help  desk  has  dropped  by 
more  than  60%.  "That's  sig¬ 
nificant  given  our  active 
user  base  on  the  Web  site 
is  in  the  500,000-user 
range,"  he  says. 

That  doesn’t  even  speak 
to  the  other  benefits  that 
Web  access  management 
tools  provide,  Kness  says.  "In 
my  experience,  it  provides  a  very 
clean  mapping  between  authoriza¬ 
tion,  personalization  and  customiza¬ 
tion.”  He  defines  authorization  as 
knowing  what  each  visitor  is  allowed 
to  have;  customization  as  what 
each  visitor  wants  to  have;  and 
personalization  as  whatT.  Rowe 
wants  them  to  have. 

"When  you  can  manage  users 
and  provide  tailored  informa¬ 
tion,  that's  where  the  real 
return  occurs,”  says  Joe  Duffy, 
global  leader  of  Pricewater- 
houseCooper’s  Security  and 
Privacy  Practice.  "That's 
when  you  harness  the  power 
of  identity." 

-  Paul  Desmond 
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applications,  integration  with  client/server  applications 
likely  will  require  more  time-consuming  and  costly  cus¬ 
tom  integration  work. 

“You  basically  have  to  re-engineer  client/server  appli¬ 
cations  to  take  advantage  of  this  model,"  Ford  says. 

While  some  applications  are  worth  that  effort,  many 
organizations  choose  to  freeze  development  of  “fat- 
client”  applications  and  move  to  a  Web-based  model 
instead.  On  the  other  hand,  he  notes,  mainframe  applica¬ 
tions  are  relatively  easy  to  Web-enable  and  hook  into  the 
Web  access  management  system. 

Roll  your  own 

It’s  also  possible  to  create  your  own  Web  access  man¬ 
agement  engine,  like  Nucor  did  with  some  help  from 
software  developers  at  Extreme  Logic.  Nucor  is  a  $4.5 
billion  company  with  28  divisions, says  Scott  Messenger, 
corporate  IT  manager  for  the  Charlotte,  N.C.,  company.  In 
early  2001,  it  was  looking  for  a  simple  way  to  authorize 
employees  to  access  intranet-based  knowledge  manage¬ 
ment,  human  resources,  purchasing,  inventory  manage¬ 
ment  and  sales  collaboration  tools. 

Given  Nucor’s  decentralized  nature, “Our  big  issue  was 
how  to  build  something  where  we  could  distribute  the 
administration,”  Messenger  says.  Another  caveat  is  that  it 
could  take  no  more  than  60  minutes  to  train  users  how  to 
grant  permissions.The  goal  was  to  make  it  simple  enough 
that,  when  administrators  closed  the  screen, they’d  be  sure 
they  granted  only  the  intended  permissions. 

Nucor  also  was  dealing  with  a  largely  homogeneous 
Microsoft  environment,  which  made  the  implementation 
easier.  The  company  used  Active  Directory  as  the  founda¬ 
tion  for  its  identity  management  engine,  augmenting  its 
base  authorization  function  with  homegrown  software 
tokens  that  provide  thousands  of  permissions.The  permis¬ 
sions  are  grouped  into  packages,  or  profiles.  A  base  pack¬ 
age  might  provide  a  few  hundred  permissions,  granting 
access  to  everyday  human-resource  applications  and  the 
like.  Other  packages  define  the  permissions  specific  to  dif¬ 
ferent  jobs,  such  as  controllers  and  IT  staff.  Additional  per¬ 
missions  can  be  granted  to  any  individual  as  needed. 
Certain  permissions  kick  off  an  audit  event  that  shoots  an 
e-mail  to  appropriate  authorities  to  alert  them  that  the  per¬ 
mission  was  granted,  just  in  case  it  shouldn’t  have  been. 

Nucor  developed  the  engine  in  just  fiye  man-months, 
Messenger  says,  at  a  cost  of  less  than  $50,000,  including 
the  fee  paid  to  Extreme  Logic. 

The  “buy  vs.  build”  argument  typically  comes  down  to  a 
combination  of  corporate  philosophy  and  requirements 
to  solve  the  problem  at  hand.  For  American  Express, 

“Our  strong  preference  is  to  buy  rather  than  build," 
Barrett  says.  With  that  in  mind,  the  company  has  em¬ 
barked  on  a  metadirectory  strategy  with  which  it  will 
decide  what  directory  is  the  authoritative  source  for  any 
piece  of  data,  then  replicate  from  there  to  other  sources. 

All  sources  feed  a  central  Lightweight  Directory  Access 
Protocol  directory  to  keep  things  in  sync.The  idea  is  to 
follow  the  federated  approach  that  is  at  the  core  of  the 
Liberty  Alliance  work,  where  distributed  directories  each 
own  a  piece  of  the  pie.That  setup  has  American  Express 
ready  to  take  advantage  of  Liberty-enabled  tools  as  they 
become  available,  Barrett  says. 

The  road  map  comes  down  to  having  an  accurate  sense 
of  your  current  state  and  what  your  requirements  are.  From 
there,  you  can  decide  what  the  identity  management  sys¬ 
tem  should  accomplish,  Burton  Group’s  Kampman  says, 
“You  don’t  do  identity  management  in  a  vacuum." 

Desmond ,  is  a  writer,  editor  and  president  of  PDEdit,  an 
editorial  content  company  in  Framingham,  Mass.  He  can 
be  reached  at  paul@pdedit.com. 
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Evil  lurks  all  over  the  Internet.  Keep  your  company’s 
network  secure  with  Websense  Enterprise  software. 

Root  out  hacking  tools  from  your  systems.  Block  access 
to  sites  that  promote  hacking  or  contain  malicious 
mobile  code.  And  beef  up  network  security  by 
proactively  preventing  the  launch  of  hacking  programs 
from  the  desktop.  With  its  efficient  installation  and 
seamless  integration  with  the  leading  firewalls,  proxy 
servers,  routers,  network  switches  and  caching 
appliances,  Websense  Enterprise  makes  protecting  your 
network  easier  than  ever.  So  why  not  turn  to  the 
leader  in  employee  Internet  management  to  bring  your 
company’s  anger  management  issues  under  control. 
Visit  www.websense.com  today  for  more 
information  or  to  download  a  free,  30-day  trial 
of  Websense  Enterprise. 
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very  day  millions  of  users  log  on 
to  personal  AOL  Instant 
Messenger,  Microsoft  MSN 
Messenger  or  Yahoo  Messenger 
accounts  from  enterprise-issued  comput¬ 
ers  to  hash  out  work  issues.  Many  do  so 
with  the  honest  intent  of  increased  pro¬ 
ductivity  yet  unwittingly  jeopardize  their 
corporations  well  being. 

Uncontrolled  public  instant-message  service  use  expos¬ 
es  a  company  to  three  types  of  risk.The  first  comes  from 
malicious  code.  Unless  a  user  takes  precautions,  the  files 
or  executables  sent  between  instant-message  clients  regis¬ 
tered  with  public  servers  aren't  scanned  for  viruses. That 
(means  hackers  can  introduce  viaises  and  worms  into 
networks  via  content  transmitted  in  instant  messages. 

Next  comes  the  threat  of  corporate  espionage.  An  em¬ 
ployee  with  a  public  instant-message  client  running  on  an 
enterprise  PC  could  use  FTP  to  send  a  sensitive  file  to 
someone  outside  the  organization,  without  difficulty  and 
without  leaving  a  trace.  Or  an  outside  instant-message 
user  could  assume  a  false  identity  and  present  himself  as 
a  trusted  individual  —  a  superior  or  other  employee,  a 
friend,  a  supplier  or  a  customer  —  to  gain  sensitive  infor¬ 
mation.  Even  when  public  instant-message  service  users 
trust  one  another’s  identities,  the  “clear  text”  chats  they 
have  over  the  Internet  are  at  risk, security  experts  say 

Finally  uncontrolled  use  of  public  iastant-message  ser¬ 
vices  can  expose  companies  to  legal  risks.  A  company 
could  come  under  fire,  for  example,  if  employees  wrong¬ 
fully  distribute  copyrighted  works.  And  those  in  the  regula¬ 
tion-laden  financial  services  and  healthcare  industries 
could  suffer  legal  consequences  if  instant  messages  aren’t 
monitored  and  logged  according  to  federal  mandate. 

IT  managers  confronted  with  public  instant-message 
service  use  are  left  weighing  these  risks  against 

See  IM,  page  SI  4 
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As  employees  flock  to  public  instant- 
message  services,  net  execs  pour 
on  the  security  countermeasures. 


■  BY  CHRISTINE  PEREY 


If  public  instant  messaging  doesn't  fit 
under  the  corporate  security  umbrella, 
block  it  to  prevent  surreptitious  use, 
says  John  Kinas,  senior  network  admin¬ 
istrator  for  the  District  of  Columbia  Bar 
Association. 
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Can  your  antivirus  software  provide  double  the  scanning  power?  Ours  can. 

Making  sure  your  company  is  secure  gets  more  and  more  difficult  every  day.  That's  why  eTrusfM  Antivirus  v7  from  Computer 
Associates  uses  dual  scanning  engines  to  ensure  comprehensive  virus  protection.  It  processes  data  in  real  time  to  search 
out  and  eliminate  viruses,  and  it  also  scans  files  during  prescheduled  and  off-peak  hours.  All  at  the  cost  of  most  single¬ 
engine  AV  products.  It's  more  than  just  twice  the  protection.  It's  twice  the  peace  of  mind.  ca.com/etrust/antivirus 


eTrust™  Antivirus 


Computer  Associates® 
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Rajiv  Mistry  has  spent  nearly  a  decade  working  in  enter¬ 
prise  IT  architecture.  His  expertise  entails  innovative 
enterprise  information  technology  architectures  using 
the  latest  advances  in  technology,  data  warehousing, 
data  mining  and  lifecycle  management  of  integrated 
product  development  from  seed  to  market. 


THE  EXPERT 

A  few  minutes  with  Rajiv  Mistry,  Director,  Data  Warehousing 
&  Business  Intelligence  Enterprise  Collaboration, 
Americas,  Avanade  Inc. 


Enterprise  Business  Intelligence 


>  What  are  the  business  trends  driving  enter¬ 
prise  Business  Intelligence? 

More  and  more,  business  professionals  require  access  to 
real-time  business  information  that  flows  freely  throughout 
the  enterprise. The  knowledge  worker  is  no  longer  a 
theory;  she  is  running  your  mortgage  refinance  process  as 
you  talk  to  her. Telemedicine  is  no  longer  an  exclusive 
realm;  it  can  run  life  support  from  anywhere  globally  and 
deliver  decisions  and  metrics  in  near  real  time. 

These  are  the  business  demands  that  have  given  rise  to 
such  popular  Bl  applications  as  CPM  (Corporate  Perfor¬ 
mance  Management),  CRM  (Customer  Relationship  Manage¬ 
ment),  and  BAM  (Business  Activity  Monitoring). 

To  address  CPM,  BAM  and  CRM,  a  thoroughly  inte¬ 
grated  application  architecture  envelope  must  be  designed 
in  a  manner  that  allows  access  to  the  full  range  of  real  time 
(or  operational),  tactical  and  strategic  reports  in  a  flexible 
manner.  Applications  that  were  previously  unthinkable 
must  become  reality  to  support  scenarios  like  CRM 
analytics,  CPM  decision  support  and  BAM-related  opera¬ 
tional  actionability. 

>  What  benefits  can  companies  expect 
to  gain? 

There  are  a  number  of  vital  benefits  to  applying  Bl  within  a 
company,  such  as  the  following: 

Better  decision-making.  By  accessing  necessary  infor¬ 
mation  faster  and  drawing  on  rich  analytical  tools  to  parse 
the  data  for  vital  new  insights  into  issues  such  as  customer 
buying  habits,  companies  can  speed  their  decision  pro¬ 
cesses  significantly,  and  boost  their  profits  by  doing  so. 

Competitive  advantage.  Faster  decision-making  allows 
companies  to  deploy  new  innovations  faster,  enabling  them 
to  get  ahead  of  the  competition.  Greater  agility  means 
being  able  to  maintain  this  lead. 

Customer  satisfaction.  Customers  are  always  more  sat¬ 
isfied  when  their  needs  are  filled  quickly.  This  happens 
when  execution  of  internal  processes  is  faster,  more  effi¬ 
cient  and  accurate,  and  when  fulfillment  of  product  re¬ 
quests  and  service  requests  is  done  with  a  greater  speed, 
accuracy  and  finesse. 

Single  version  of  the  truth.  While  most  companies  talk 
of  getting  to  a  single  version  of  the  truth,  the  fact  is  there 
are  at  least  three  different  ways  of  perceiving  the  truth: 


strategically,  tactically  and  operationally.  A  reporting 
scenario  that  forecasts  a  viable  strategic  direction,  creates 
analytic  drillable  reports  and  reveals  defects  in  real  time 
would  support  a  single  version  of  the  truth. 

>  What  are  the  main  inhibitors  to  success? 

The  main  barrier  to  mainstream  acceptance  of  Bl  has  been 
the  fact  that  it  was  previously  deemed  to  be  complex  to 
use,  requiring  specialized  skills  to  read  a  report  and  figure 
out  trends.  Moreover,  the  time  gap  resulting  from  process¬ 
ing  delays  could  lead  to  stale  data  in  reports,  thus  keeping 
Bl  out  of  the  acceptable  norm  in  corporate  decision  making. 
The  advances  in  Wintel/SQL  Server/Analysis  Services  drive 
such  inefficiencies  out  and  create  a  more  realistic  solution 
that  brings  Bl  to  the  masses  and  lets  the  single  version  of 
the  truth  be  within  their  grasp. 

There’s  also  a  false  perception  that  Bl  is  slow,  ironically 
driven  by  delays  in  IT  funding.  In  spite  of  the  fact  that  a  Bl 
investment  can  lead  to  revenue  growth,  difficult  economic 
times  have  driven  fiscal  stringency  within  the  technology 
department,  and  Bl  implementations  are  no  exception. 

>  How  can  Packaged  Solutions  provide  bene¬ 
fit  for  Bl? 

Packaged  solutions  invariably  need  some  customization  spe¬ 
cific  to  the  customer  needs.  However,  even  taking  this  into 
consideration,  the  speed  of  implementation  is  vastly 
enhanced  compared  with  a  custom  built  solution. This 
allows  customers  to  address  performance,  scalability,  inte¬ 
gration  and  cost  issues  rapidly  and  achieve  very  good  Bl 
reporting  results. 

Technologies  like  the  Unisys  ES  7000  servers  address 
scenarios  that  are  not  possible  on  scaled-out  commodity- 
driven  hardware  platforms.  Specifically,  in  bringing  high  per¬ 
formance  to  bear  on  reducing  batch  cycle  time,  high  con¬ 
currency  loads  and  large  data  volume  throughput  across 
many  vertical  industries,  this  platform  has  proven  to  be  very 
robust  and  cost  efficient. 


For  more  information,  please  call  800-874-8647  x385 
or  visit  www.unisys.com/bi 
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Imagine  it: 

Underwriting  cyber  risks  -  from  viruses  to  cyber¬ 
extortion.  How  do  you  provide  insurance  for  these 
new  and  devastating  threats?  You  understand  them 
first  -  and  work  with  a  partner  who  could  uncover  a 
broad  range  of  security  and  technology  gaps. 


Done: 

AIG’s  eBusiness  Risk  Solutions  Group  partnered 
with  Unisys  and  leapt  together  into  cyber  protection. 
Today,  AIG  eBRS  provides  most  of  the  world's 
network  security  and  cyber  insurance.  And  Unisys 
integrates  planning  and  protection  for  a  broad 
range  of  needs  like  privacy.  Identity.  Collaboration. 
Business  Continuity.  Infrastructure.  Our  holistic 
approach  is  one  reason  why  Unisys  has  been 
awarded  IT  security  integration  for  U.S.  airports. 

Can  we  help  you  identify  security  gaps?  Call  us. 

Security  with  precision  thinking  and  relentless 
execution  to  drive  your  vision  forward. 


Imagine  it.  Done. 

www.unisys.com/security  800.874.8647  x372 
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productivity  gains.The  primary  reason  for  blocking 
instant-message  use  is  to  manage  risk,  not  to  prevent  per¬ 
sonal  chats  or  to  ward  off  offensive  or  promotional  con¬ 
tent  from  unknown  third  parties, users  say 
That’s  why  the  District  of  Columbia  Bar  Association 
decided  to  block  instant  messaging  after  it  discovered 
public  instant-message  clients  on  more  than  50%  of  the 
associations  85  employee  desktops, says  John  Kinas, 
senior  network  administrator.  Managers  studied  instant- 
message  use  and  decided  instant  messages  are  not 
appropriate  business  communications  for  the  association. 
“There  just  weren’t  circumstances  in  which  the  benefits 
outweighed  the  risks,”  Kinas  says. 

The  bar  association  is  in  good  company  In  a  September 
2002  study,  Osterman  Research  found  that  nearly  one- 
quarter  of  the  196  companies  surveyed  were  actively 
blocking  public  instant-message  services. 

Managing  IM  use 

The  good  news  is  AOL,  Microsoft  and  Yahoo  recognize 
the  need  to  provide  better  management  and  greater  secu¬ 
rity  for  public  instant-message  service  use  in  companies. 
Each  has  announced  relationships  and  introduced  prod¬ 
ucts  targeting  business-customer  needs. 

AOL  offers  AIM  Enterprise  Gateway, software  built  on 
technology  from  real-time  communications  management 
provider  FaceTime  Communications.The  gateway  man¬ 
ages  AIM  use  from  enterprise  directories  behind  a  corpo¬ 
rate  firewall. Network  executives  can  control  employees’ 
use  of  the  service,  or  log,  audit  and  create  reports  on  AIM 
communications  to  satisfy  regulatory  compliance  needs. 
AOL  says  a  release  set  for  later  this  year  would  let  enter¬ 
prise  AIM  users  send  and  receive  encrypted  messages; 
this  functionality  comes  through  a  deal  with  VeriSign. 

Microsoft  MSN  offers  a  similar  enterprise  gateway  prod¬ 
uct,  MSN  Connect  for  Enterprise,  which  is  based  on  soft¬ 
ware  from  IMlogic. Yahoo  Messenger  Enterprise  Edition  is 
a  service  and  gateway 

The  bad  news  for  IT  managers  looking  for  near-term 
security  fixes  is  these  business  models  are  still  unproven, 
and  these  offerings  are  limited  in  that  they  only  apply  to 
users  of  each  provider’s  particular  service. 

That  makes  configuring  firewalls  to  block  specific  ports 
and  instant-message-related  services  the  first  line  of 
defense  for  most  IT  managers.  Unfortunately, sophisticated 
users  and  the  public  instant-message  service  providers 
have  ways  to  circumvent  port-specific  blocks. 

Alternatively,  IT  managers  can  rely  on  specialized  public 
instant-message  management  software  available  from 
vendors  such  as  Akonix,  FaceTime,  IMlogic  and  IM-Age 
Software. The  software  is  designed  to  measure  public 
instant-message  service  use  in  an  enterprise  network  with¬ 
out  tampering  with  firewalls. 

Public  instant-message  service  management  software 
with  teeth  to  enforce  policies  doesn’t  come  free.  Depen¬ 
ding  on  functionality,  the  protocols  under  scrutiny  and 
the  size  of  the  company  the  annual  fee  for  public  instant- 
message  service  security,  logging  and  auditing  can  run  as 
much  as  $50  per  seat.  However,  that  cost  could  drop  to  as 
low  as  $8  per  user  within  a  year  or  two  as  the  market  con¬ 
solidates,  says  Matt  Cain,  a  Meta  Group  analyst. 

Some  freeware  programs  are  available.  For  example,  Ako¬ 
nix’s  Rogue  Aware  and  IM-Age’s  IM-Sniffer  detect  and  audit 
(and  to  differing  degrees  allow  selective  blockage  of)  pub- 
lic  instant-message  service  use  while  running  on  a  corpo- 
ltr  server  Products  such  as  these  reveal  trends,  which  let 
>  >m|  >anies  set  and  eventually  enforce  usage  policies. 

:st  ant-message  management  tools  come  in  two  flavors, 
try-leading  lMlogic’s  IM  Manager, as  well  as  Face- 
a  1  s  IM  Auditor  Enterprise  and  Akonix’s  L7  Enterprise, 
monitor  and  manage  by  way  of  software  that  runs  on  one 


or  more  general-purpose  servers  inside  (or  in  conjunction 
with)  the  firewall,  for  instance.  All  public  instant-message 
service  traffic  is  routed  through  the  server  for  logging  and 
enforcement  of  corporate  instant-message  usage  policies. 

At  California  State  University  San  Marcos,  Akonix’s  L7 
Enterprise  software  lets  IT  meet  network  security  objec¬ 
tives  while  not  jeopardizing  university  policy“We  are  fun¬ 
damentally  opposed  to  the  notion  of  interfering  with  free 
speech,” says  Mike  Irick,  assistant  IT  director  at  the  college. 
“We  would  never  dream  of  blocking  public  IM  traffic.” 

Server  products  such  as  these  have  several  benefits.  For 
instance,  they  enable  in-house  management  for  rapid  and 
seamless  integration  with  existing  network-based  corpo¬ 
rate  directories. They  offer  the  ability  to  change  policies 
by  time,  day  or  any  other  criteria  including  policy  man¬ 
agement  by  user  group  or  individual  from  a  single  inter¬ 
face.  They  provide  centralized  data  storage, search  and 
retrieval.  No  special  client  software  is  necessary. 

On  the  other  hand,  IM-Age  offers  IM  Policy  Manager 
client/server  software.  In  this  architecture,  IT  managers 
must  install  the  application  on  every  desktop  that  needs 
to  be  secured,  logged  or  audited.  As  of  this  writing,  IM- 
Policy  Manager  is  the  only  public  instant-message  man¬ 
agement  product  with  encryption.  IM-Age  uses  448-bit 
Rolling  Salt  Blowfish  encryption. 

One  benefit  of  the  client/server  architecture,  which  IM- 
Age  also  offers  as  an  outsourced  product,  is  that  policies 
are  enforced  and  all  traffic  on  the  client  PC  is  logged, 
even  if  the  instant-message  policy  server  is  down  or  other¬ 
wise  inaccessible.  Once  reconnected,  the  client  synchro¬ 
nizes  with  the  server. 

Maurice  Lonergan,  IT  director  at  Wire  One,  a  videocon¬ 
ferencing  reseller  in  Hillside,  N.J.,  finds  use  of  IM-Age’s  IM 
Policy  Manager  sensible  for  two  reasons.  First,  it  operates 
as  a  deterrent  because  whenever  an  employee  initiates 
an  instant-message  session  using  a  public  instant-message 
service,  the  software  notifies  all  parties  that  their  commu¬ 
nications  are  being  archived. 

“We  are  interested  in  knowing  how  much  time  employ¬ 
ees  are  spending  on  personal  communications,”  Lonergan 
says.“But  we  already  know  that  by  telling  everyone  we  are 
logging  traffic  on  public  instant-message  networks  we  are 
reducing  the  temptation  some  people  feel  to  communi¬ 
cate  with  friends  and  family  when  their  employer  expects 
them  to  be  productive.” 

IM  Policy  Manager  also  reduces  Wire  One’s  vulnerability 
to  data  leakage  through  unencrypted  messages.“Our 
intellectual  property  is  our  biggest  strategic  advantage, 
and  we  don’t  want  it  inadvertently  or  intentionally  getting 
into  our  competitor’s  hands,”  Lonergan  says. 

Future  IM  use 

As  instant-message  use  becomes  commonplace  in  the 
home  and  at  colleges,  public  instant-message  service 
usage  in  companies  will  only  increase.  With  proper  desk¬ 
top  and  network  management  tools,  IT  managers  can  cer¬ 
tainly  reduce,  if  not  eliminate,  the  risks  associated  with  it. 
Still,  over  the  long  run,  corporate  instant-message  pack¬ 
ages  with  comprehensive  and  easy-to-manage  private-to- 
public  gateways  are  likely  to  hold  more  appeal  to  enter¬ 
prise  users  and  IT  managers. 

When  such  private-to-public  instant-message  communi¬ 
cations  gateways  and  enterprise-to-enterprise  presence 
and  instant-message  tools  become  available  this  year  and 
next,  they  will  better  fulfill  security  and  risk  management 
needs  for  monitoring,  logging  and  auditing  the  flow  of 
enterprise  data.  And  network  managers  might  review  their 
policies  toward  public  instant-message  use  accordingly 

Perey,  president  of  Perey  Research  &  Consulting  in 
Placerville,  Calif., specializes  in  rich  media  collaboration  and 
communications.  She  is  also  a  member  of  the  Network 
World  Global  Test  Alliance  and  can  be  reached  at 
cperey@perey.  com. 


IM  policy  pointers 

As  with  any  enterprise  network  appli¬ 
cation,  good  security  for  instant  mes¬ 
saging  starts  with  smart  business 
practices.  If  public  instant-message  services 
are  permitted  within  the  company,  users  first 
must  agree  to  a  corporate  usage  policy.  Meta 
Group  recommends  that  an  instant-message 
use  policy  should  at  least  cover  these  points: 

•  Privacy.  Instant-message  users  should  have 
no  expectation  of  privacy,  and  are  subject  to 
monitoring  when  policy  abuse  is  suspected. 
Users  of  public  instant-message  services 
should  be  aware  that  they  are  broadcasting 
their  presence  to  all  users  on  the  public 
network. 

•  Offensive  content.  Circulation  of 
offensive  material  (racist,  sexist,  among 
others)  is  prohibited  and  grounds  for  imme¬ 
diate  termination. 

•  Personal  use.  Personal  use  is  either 
acceptable  within  reason,  or  forbidden. 

•  Security.  External  communication  can  be 
intercepted  and  redirected.  Disclosure  of 
any  sensitive  material  is  strictly  prohibited. 

•  Contact  lists.  Business  and  personal  con¬ 
tacts  should  be  on  separate  lists  to  minimize 
the  risk  of  mistaken  communication. 

•  Screen  names.  Use  a  business-appropriate 
screen  name  that  meets  corporate  conventions. 
•  Liability.  Judges  can  subpoena  instant  mes¬ 
sages.  Avoid  libelous,  defamatory  and  other 
unsavory  communications. 

•  Personal  information.  Do  not  include  per¬ 
sonal  data  (passwords,  credit-card  numbers) 
in  instant  messages. 

•  Viruses.  Be  aware  that  instant  messages 
can  contain  viruses  and  other  destructive 
payloads.  Be  alert  to  any  suspicious  mes¬ 
sages.  Decider  whether  file  transfer  via 
instant  messaging  is  permitted  or  not. 

•  Etiquette.  Observe  all  forms  of  personal 
etiquette  when  communicating  via  instant 
messaging.  Use  of  the  "Do  not  disturb" 
feature  is  acceptable. 

-  Christine  Perey 
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More  online 

Read  how  stock  brokerage  firm 
Stifel  Nicolaus  learned  its  IM  lesson. 
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Elmer  won  second  place 
in  a  gardening  contest. 

He  got  a  bag  of  seeds  and  a 
backyard  full  of  plastic  flamingos. 
You’re  flying  high  now  Elmer. 
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provide  comprehensive  detail  to  enable  complete  remediation.  Take  control  of  your  network  and 
let  Retina  simplify  your  risk-reduction  process.  Because  nothing  beats  number  one. 

FREE  RETINA  Trial  Version  and  Whitepaper:  www.eeye.com/free 
or  Call  1.866.282.8276  For  More  Information 
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3  Security  for  today’s  workforce 

f*  BY  ELLF.N  MESSMER 

hats  the  difference 
between  a  PC  sitting  on  a 
desktop  at  company  head¬ 
quarters  dedicated  to  work 
and  one  on  a  kitchen  countertop  that  an 
employee  occasionally  uses  for  work  —  when 
family  members  aren’t  e-mailing  friends,  pay¬ 
ing  bills,  researching  school  projects  or  play¬ 
ing  games  on  it?  Nothing,  according  to  a  grow¬ 
ing  number  of  enterprise  security  managers. 

As  Kerry  Anderson,  vice  president  and  information  security 
officer  at  Fidelity  Investment  Brokerage,  sees  it, “There  are 
personal  machines  and  company  machines,  but  you  have  to 
have  a  lowest  common  denominator  for  security  on  them.” 

Anderson  and  other  security  managers  are  starting  to  pro¬ 
vide  employees  basic  protection  for  their  home  PCs,  as  well 
as  evaluating  what  other  types  of  security  products  are  nec¬ 
essary  to  keep  all  clients  safe.Today’s  basic  protection  to-do 
list  always  includes  installing  antivirus  software,  but  more  fre¬ 
quently  now  it  also  features  should-  or  might-haves  such  as  a 
personal  firewall,  an  intrusion-detection  program  or  a  VPN 
client  to  encrypt  remote  communications.  Some  IT  man¬ 
agers  also  lock  down  desktop  applications  to  prevent  unau¬ 
thorized  use  or  install  behavior-blocking  software,  such  as 
the  Okena  StormWatch  product  Cisco  recently  acquired,  to 
prevent  new  computer  worms  or  other  harmful  bugs  from 
ravaging  the  local  registry 

At  Fidelity,  employees  must  use  personal  firewalls  and 
antivirus  software,  which  the  company  pays  for,  on  home 
PCs.The  Boston  financial-services  firm  manages  the 
antivirus  updates  remotely  using  Symantec’s  LiveUpdate  fea¬ 
ture  and  blocks  network  access  until  users  have  updated  the 
antivirus  software  with  the  latest  signatures.  And  this  year,  as 
it  upgrades  corporate  PCs  to  Microsoft’s  XP  desktop  operat¬ 
ing  system,  Fidelity  intends  to  lock  down  PCs  so  employees 
can’t  use  unauthorized  software  such  as  online  games  and 
inadvertently  allow  Trojans  on  the  network.  It  will  push  out 
desktop  security  settings  to  XP-based  desktops  via  Microsoft 
Management  Console  or  Active  Directory. The  company  also 
will  be  able  to  configure  XP  as  a  desktop  firewall. 

Configuresoft  is  another  vendor  offering  IT  managers  the 
chance  to  push  out  security  template  settings  and  enforce 
the  use  of  desktop  security  software  and  virus-signature 
updates.  With  Enterprise  Configuration  Manager,  users  must 
have  the  security  application  running  to  gain  network 
access;  remote  employees  cannot  turn  off  the  antivirus  func¬ 
tion  to  speed  computer  processing  and  expect  to  tap  into 
corporate  network  resources,  for  example.  One  step  ahead  of 
Microsoft  capabilities  at  the  moment,  the  Configuresoft  prod¬ 
uct  also  will  do  remote  audits  and  generate  reports. 
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Security 
managers 
today  are 
bent  on 
keeping  ail 
PCs,  even 
workers' 
home 

computers, 
safe  from 
harm. 


Buy  off  the  menu  or  shop  around? 

Antivirus  giants  Network  Associates  and  Symantec 
bundle  desktop  firewall  and  intrusion-detection  func¬ 
tions  in  their  respective  McAfee  Active  Client  Security 
and  Client  Security  products.Third-ranked  Trend  Micro 
partners  to  provide  increased  functionality  For  instance, 
Trend  Micro’s  desktop  antivirus  software  works  with 
Check  Point  desktop  VPN  software  so  that  every  time  a 
user  establishes  a  remote  connection,  the  VPN  enforces 
use  of  the  antivirus  software  and  the  latest  virus-signa¬ 
ture  updates. 

A  strategy  question  facing  every  enterprise  IT  man¬ 
ager  is  whether  to  buy  desktop  security  products  from 
one  vendor  or  shop  around  for  point  products.  Long¬ 
term  buying  trends  suggest  small  businesses  primarily 
prefer  to  buy  from  one  vendor,  while  larger  firms  are 
willing  to  put  an  array  of  products  through  laborious 
testing  and  review. 

That  kind  of  scrutiny  paid  off  for  Casey  Family  Pro- 
grams,  a  Seattle  social-services  support 
organization,  when  trying  to  determine 
the  best  desktop  firewall  to  deploy. 
l  Sandy  Basik,  director  of  security  at 
Casey,  uncovered  a  number  of  inte- 
Bk  gration  issues  when  she  analyzed 
desktop  firewalls  with  an  eye 
toward  bringing  remote  and 
^  home-use  firewalls  under 
V  corporate  network  man- 
agement  control. 

“There  are  firewalls  you  can 
push  to  the  home  and  still  integrate 
into  the  corporate  environment,  through 
lockdown,  so  they  can’t  be  changed,”  Basik  says. 
“Our  corporate  policy  says  non-Casey  assets  are  not 
permitted  to  be  connected  to  the  corporate  network.” 

Basik  says  she  found  the  WatchGuard  small  office/ 
home  office  doesn’t  work  well  with  the  Check  Point 
Firewall- 1.  But,  with  a  Cisco  PIX  firewall  and  a  Nokia 
VPN,  several  software-based  personal  firewall  products 
appear  to  work  well  on  the  desktop. These  include  The 
Zone  Alarm  Pro,  Sy gate’s  personal  firewall,  the  Tiny 
Personal  Firewall  and  Internet  Security  Systems’  Black 
Ice.  Hardware-based  personal  firewalls  that  worked  well 
include  Global  Technology  Associates’  Gnat  Box  and 
those  from  NetScreen  and  Linksys.she  says. 

Safety  in  numbers 

Some  organizations  favor  a  multivendor  strategy  For 
example,  the  Defense  Information  Systems  Agency  has 
agreements  with  Network  Associates  and  Symantec  to 
provide  antivirus  software  to  the  U.S.  military,  which  pays 
for  home  use  of  protection  software.  (Acknowledging 
that  customers  often  use  rival  products,  Network  Associ¬ 
ates  and  Symantec  have  adapted  their  management 
consoles  to  monitor  and  manage  each  other’s  desktop 
antivirus  products.) 

Prudential  Financial  relies  on  McAfee  Security  as  its 
primary  desktop  antivirus  vendor,  but  maintains  rela¬ 
tionships  with  other  antivirus  vendors  because  “some 
are  faster  than  others”  in  identifying  new  viruses  and 
preparing  signature  updates, says  Kathy  Kirk,  director  of 
information  security  at  the  Newark,  N.J.,  company. 
Prudential  allows  access  over  the  Internet  to  home 
workers,  as  long  as  they’re  using  business-subsidized 
antivirus  software.“Desktop  protection  is  your  last  line  of 
defense  from  external  threats  and  your  first  line  of 
defense  from  internal  threats,”  Kirk  says. 

For  enforcement,  Prudential  uses  Sygate’s  Enterprise 
Security  Client,  which  is  loaded  on  each  employee 
machine.  IT  can  remotely  manage  and  configure  the 
Sygate  software,  granting  or  denying  access  based  on 
time  of  day,  patch  level  of  the  operating  system  or  virus- 
signature  update,  for  example,  Kirk  explains.“If  it’s  not  on 
the  client,” she  adds, “you  can’t  get  into  the  network.”  ■ 
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Find  out  why  IDC  recently  reported  that  Nokia  had  captured 
top  spot  in  the  most  competitive  firewall  appliance  segment. 

The  Nokia  approach  to  security  integrates  the 
world's  best  security  software  with  Nokia’s 
purpose-built  hardened  hardware,  operating 
system,  and  rapid  deployment  management 
platforms,  creating  a  best-of-breed  solution 
that’s  easy  to  implement  and  manage.  Take 
Nokia’s  partnership  with  Check  Point  Software 
Technologies,  world  leader  in  VPN/Firewall 
software  that  allows  organizations  to  deploy  a 


NOKIA 

Connecting  People 


single,  integrated  solution  for  secure  Internet 
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easy  to  deploy  intrusion  protection  appliance 
available  today.  Our  program  for  security  developers 
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software  such  as  network  management  agents, 
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Vendors  are  creating  a  dizzying  array  of  Wi-Fi  security  choices, 
but  standards  compliance  won’t  necessarily  protect  you. 


BY  JULIE  BORT 


Wireless  LANs  have  been 

billed  as  the  great  secur¬ 
ity  wasteland.  But 
thanks  to  the  802.11b 
Wi-Fi  community’s  frenetic  activity  in  the 
last  year,  an  abundance  of  good  security 
choices  now  exist,  with  more  on  the  way. 

Wi-Fi  security  efforts  have  focused  on  encryption  and 
authentication,  with  users  essentially  getting  two  choices 
for  locking  down  WLANs.They  can  use  IP  Security 
(lPSec)-based  VPNs  or  build  security  architectures 
around  pending  Wi-Fi-specific  security  standards.  Within 
the  Wi-Fi  standards  are  more  choices. 

With  such  options,  corporate  users  can  secure  any 
WLAN,  even  for  sensitive  data.“Don’t  wait  for  the  Holy 
Grail,  or  you’ll  lose  an  opportunity  to  invest  in  an  architec¬ 
ture  that  could  be  of  tremendous  benefit,” says  OJ.Wola- 
nyk.CIO  for  Memorial  Health  System  in  Springfield,  111. 


Wolanyk  is  overseeing  a  $30  million,  three-year  project 
that  will  let  doctors  carry  patient  data  on  portable  de¬ 
vices  while  making  their  rounds,  connecting  to  patient 
medical  records  and  research  sites  via  an  802.1  lb  net¬ 
work.  He  relies  on  an  IPSec  VPN  created  by  ReefEdge’s 
Wi-Fi  authentication  server  to  protect  network  access 
while  providing  Triple-DES  encryption. 

Wolanyk  and  other  early  adopters  tell  peers  not  to  be 
scared  off  by  ongoing  work  on  Wi-Fi  security  standards. 
Wthin  the  next  year  or  so.standards  will  be  final, stan- 
dards-compliant  products  will  be  shipping,  and  de  facto 
winners  of  competing  underlying  security  technology  will 
have  emerged.  Upgrading  existing  equipment  and  tossing 
out  the  old  is  typical  in  the  Wi-Fi  world  users  point  out. 

After  all,  security  isn’t  the  only  part  of  Wi-Fi  that  could 
make  the  access  points  and  client-side  antenna  network 
cards  obsolete.  Speed  also  is  an  issue,  with  the  migration 
from  1 1M  bit/sec  with  802.1  lb  to  54M  bit/sec  with 
802. 1  la  or  802. 1  lg.says Thomas  Gaylord, CIO  of  the  Uni¬ 
versity  of  Akron  in  Ohio.  His  approach  is  to  go  with  one 
vendor,  Cisco,  for  all  access  points  and  to  rely  on  Cisco's 
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assurances  of  future  compatibility.  He  has  begun  to  mix  in 
faster,  more  secure  Aironet  1200  access  points  (capable  of 
being  upgraded  to  802.1  la, 802. 11  g  and  the  emerging  Wi¬ 
Fi  security  standards)  with  older  Aironet  340  and  350 
models.  As  to  the  wireless  clients,  he  will  rely  on  a  future 
feature  that  would  autodetect  software/firmware  versions 
and  upgrade  to  new  versions  if  necessary  he  says. 

“That’s  how  we  see  ourselves  protecting  our  invest¬ 
ment:  using  a  blended  or  dual  [access  point]  environ¬ 
ment,”  Gaylord  says. 

The  good  news,  too,  is  that  many  vendors  are  building 
802.1 1  products  with  speed  and  security-upgrade  paths 
in  mind.  And  they  are  pricing  this  gear  low  enough  to  be 
fully  depreciated  over  two  to  three  years  —  rather  than 
five  years  as  some  more  expensive  equipment  requires. 
This  makes  a  replacement  budget  feasible  —  at  least  for 
access  points  —  should  you  need  to  swap  out  to  stan- 
dards-compliant  equipment,  users  and  vendors  agree. 

For  instance,  access  points  are  priced  from  $100  to 
$1,000  and  802.1 1  PC  cards  cost  $50  or  less. 

Moreover,  standards  work  is  fairly  far  along.  Should  you 
decide  to  buy  now,  you  comfortably  could  predict  which 
security  choices  will  win  in  the  long  run.Yet,  vendors  are 
not  making  Wi-Fi  security  choices  easy  to  understand  nor 
packaging  their  products  with  basic  security  defaults.The 
onus  is  on  you  to  learn  about  the  choices  in  authentication 
and  encryption  protocols,  and  how  to  implement  them. 

IPSec  VPNs,  WPA  and  802.1 1i 

Wi-Fi  security  is  a  maze  of  choices.  On  the  one  side, 
security  vendors  and  users  are  addressing  Wi-Fi  security 
with  tried-and-true  IPSec  VPNs.  On  the  other  side,  Wi-Fi 
developers  are  working  feverishly  to  add  strong  native 
security  support  into  802.1 1  networks. 

While  effective,  using  an  IPSec  VPN  for  wireless  security 
has  several  drawbacks.  For  one,  it  is  limited  to  IP  traffic, 
and  it  carries  all  the  complications  of  wired  IPSec,  such 
as  configuration  complexity  and  the  requirement  of 
client-side  code.  Native  Wi-Fi  security  support  will  win  in 
the  longer  term  for  enterprise  WLANs,  analysts  say  with 
VPNs  coming  in  handy  for  some  circumstances.  For 
example,  a  road  warrior  on  a  Starbucks  public  802.1 1  net¬ 
work  always  will  need  a  VPN  to  tunnel  into  the  corporate 
network, says  Michael  Sutton,  director  of  engineering  for 
wireless  consultancy  iDefense. 

As  positive  as  standards  development  is,  the  pace  of 
Wi-Fi  security  developments  is  creating  a  bewildering 
number  of  interim  solutions.Two  overlapping  802.1 1 
security  protocols  are  in  the  barrel.  One  is  Wi-Fi  Pro¬ 
tected  Access  (WPA),  which  the  Wi-Fi  Alliance  vendor 
group  announced  last  October.The  first  WPA-certified 
products  are  expected  to  become  available  later  this 
year  based  on  the  first  WPA-certified  chipsets,  which 
began  shipping  during  NetWorld+lnterop  in  late  April. 

WPA  replaces  the  802.1 1  Wired  Equivalent  Privacy 
(WEP)  protocol,  much  lambasted  as  weak  thanks  to  its 
short  and  static  encryption  keys. With  a  firmware  upgrade 
that  overwrites  WEP,  WPA  offers  stronger  encryption  (see 
related  story,  right).  It  also  adds  authentication  protocol 
802.  IX,  an  IEEE  wired-world  standard  adapted  for  Wi-Fi. 

The  other  choice  is  the  IEEE’s  802.1  li,  the  ultimate  goal 
of  Wi-Fi  security  work.  802.1  li  includes  all  elements  of  the 
WPA  standard  while  upgrading  to  stronger  encryption. 
802.1  li  is  expected  to  be  completed  early  next  year, with 
portions  (such  as  the  stronger  encryption)  ratified  as  early 
.<s  the  end  of  this  year,  vendors  say  Products  that  claim  all 
o'  partial  802.1  li  compliance  might  begin  to  ship  before 
•■•02.  lli's  ratification, with  observers  estimating  availability 
i  !y  compliant  products  in  second-quarter  2004. 

Ti  u-  Wi-Fi  Alliance  intends  the  WPA  as  an  interim  stan- 
i  ud  while  the  wheels  of  the  IEEE  slowly  turn  on  802.1  li. 
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Vendors  promise  WPA  will  be  compatible  with  802.1  li. 

Go  take  an  EAP 

Between  encryption  and  authentication, you ’re  on  more 
treacherous  ground  with  authentication. The  802. IX  au¬ 
thentication  standard  used  in  WPA  and  802.1  li  (and 
sometimes  directly  named  as  a  supported  standard  by 
vendors)  holds  a  secret  black  hole  for  compatibility  It  re 
lies  on  the  IETF  Extensible  Authentication  Protocol  (EAP), 
an  extension  of  PPP  At  least  five  incompatible  flavors  of 
EAP  can  be  used  with  802.  IX,  including  a  proprietary  ver¬ 
sion  from  Cisco. These  EAP  options  are  in  various  stages  of 
development,  from  draft  mode  to  widely  available. 

For  proper  authentication,  the  client  and  access  point 
must  use  the  same  EAP  version.  Sutton  warns  that  you 
could  buy  products  that  tout  compliance  with  WPA  or 
802.1  li  but  won’t  talk  to  each  other. 

If  you  choose  an  EAP  that  doesn’t  gain  de  facto  standard 
status,  the  access  point  will  be  to  other  EAP  clients  what  a 
two-hole  electrical  outlet  is  to  three-pronged  plugs. 
Converting  Wi-Fi  clients  to  a  de  facto  standard  before 
they’ve  fully  depreciated  could  be  a  drain  of  resources, 
both  time  and  money  And  for  newer  versions  of  EARinter- 
operability  is  sketchy  even  among  two  devices  using  the 
same  flavor  as  testing  at  NetWorld+  Interop  showed.  (See 
related  story  at  wwwnwfusion.com,  DocFinder:  6023.) 

Analysts  are  watching  the  EAP  wars  closely  and  have 
laid  bets  on  which  efforts  will  be  the  long-term  winners. 

Each  EAP  option  has  advantages  and  disadvantages. 

Microsoft’s  variant,  EAP-Transport  Layer  Security  (EAP- 
TLS),  is  widely  available.  Microsoft  supports  the  protocol 
in  all  versions  of  Windows  XP  and  has  released  a  free 
Windows  2000  EAP  client.  EAP-TLS  requires  certificates 
for  clients  and  servers.  Because  of  this,  some  users  per¬ 
ceive  this  implementation  to  be  more  secure  than  other 
EAPs.  However,  the  client-server  certificate  requirement 
also  means  EAP-TLS  needs  certificate  management,  such 
as  the  use  of  a  trusted  certificate  authority  and  the  ability 
to  revoke  certificates  quickly 

Cisco’s  EAP  variant,  the  popular  Lightweight  EAP 
(LEAP),  is  proprietary  —  its  biggest  downfall.  LEAP,  re¬ 
leased  in  2000,  provides  username/password  authentica¬ 
tion,  based  on  the  Windows  logon.  Certificates  are  not 
required,  but  until  recently  Cisco  access  points  and  clients 
were.  If  the  WLAN  was  available  to  a  variety  of  802. 1 1 
clients,  you  had  to  buy  LEAP  client-side  “supplicants,”  as 
EAP  client  code  is  called,  from  vendors  such  as  Funk  Soft¬ 
ware  and  Meetinghouse  Data  Communications  for  about 
$40  per  seat.That’s  a  pricey  proposition  for  organizations 
with  thousands  of  clients,  especially  compared  with  the 
free  EAP-TLS  supplicants  from  Microsoft.  Cisco  is  trying  to 
encourage  more  widespread  support  of  LEAP  on  Clients 
through  a  LEAP  licensing  program  it  now  offers  to  chipset 
vendors.  In  February  Cisco  announced  licenses  with  eight 
such  vendors,  including  Intel  for  its  Centrino  Mobile  Tech¬ 
nology  which  will  embed  LEAP  in  a  variety  of  laptops. 

The  third  EAP  variant  is  EAP-Tunneled  TLS  (EAP-TTLS), 
developed  by  Funk  and  Certicom.and  turned  over  to  the 
lETFNow  an  Internet  draft  last  updated  in  February,  EAP- 
TTLS  is  an  enhancement  of  EAP-TLS,  with  support  for 
advanced  authentication  methods  such  as  tokens.  A  vari¬ 
ety  of  Wi-Fi  vendors  have  signed  on  to  support  EAP-TTLS. 

The  fourth  EAP  choice,  Protected  EAP  (PEAP),is  a 
Cisco-Microsoft-RSA  Security  option  developed  to 
counter  the  momentum  EAP-TTLS  gained  as  Wi-Fi 
vendors  embraced  it,  Sutton  says.  He  characterizes  PEAP 
as  like  EAP-TTLS,  but  controlled  by  the  big  guys. 

PEAP  uses  certificates  in  a  fashion  similar  to  Secure 
Sockets  Layer  (SSL)  with  browsers. The  client  presents 
a  certificate  to  the  server,  but  does  not  require  one 
from  the  server  in  return.  Once  the  client  authenticates 
to  the  server  with  a  certificate,  it  “builds  the  encrypted 
tunnel  then  it  does  EAP  in  the  tunnel  to  authenticate 
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Wireless  encryption 
that  grows  on  you 

The  802.11  industry  is  crafting  two 
overlapping  forms  of  encryption, 
each  stronger  than  the  last. 

Two  new  encryption  efforts  have 

emerged  from  the  firestorm  of  com¬ 
plaints  over  the  easily  compromised 
short  and  static  keys  used  in  802.11’s  original 
security  standard,  the  Wi-Fi  Equivalent  Privacy 
protocol. 

Temporal  Key  Integrity  Protocol  (TKIP),  devel¬ 
oped  by  the  IEEE's  802.11  task  group,  is  one  of 
two  major  components  of  the  Wi-Fi  Alliance's 
Wi-Fi  Protected  Access  (WPA)  specification. 
Support  forTKIP  will  be  available  in  the  first 
WPA-compliant  products,  later  this  year. 

TKIP,  like  WEP  before  it,  is  based  on  the  RC4 
encryption  algorithm,  says  Chris  Bolinger,  prod¬ 
uct  manager  for  Cisco's  wireless  networking 
group.  ButTKIP,  which  will  be  available  as  a  soft¬ 
ware/firmware  upgrade  for  access  points  and  Wi¬ 
Fi  cards  already  equipped  with  WEP,  has  a  longer 
key  length  and  uses  dynamic  keys  that  are 
swapped  periodically. 

Advanced  Encryption  Standard  (AES)  is  the 
other  encryption  alternative  the  802.11  task  group 
is  writing  into  the  802.1 1  i  specification.  AES, 
expected  to  be  completed  in  the  second  half  of 
this  year,  provides  stronger  encryption  thanTKIP. 
It  is  able  to  fulfill  government  encryption  require¬ 
ments,  which  puts  it  on  par  with  tough  algorithms 
such  asTriple-DES. 

AES  first  will  reside  in  hardware  chipsets,  not 
software  likeTKIP,  vendors  say.That  means  up¬ 
grading  to  AES  likely  will  involve  trashing  existing 
hardware  or,  at  the  very  least,  the  antenna  portion 
of  the  access  point  and  network  cards,  should  the 
access  point  be  equipped  with  replaceable  anten¬ 
nas.  Some  recent  Cisco  Aironet  products  have 
replaceable  antennas,  Bolinger  says. 

Most  observers  viewTKIP  as  a  stopgap  mea¬ 
sure  until  AES  is  widely  available.  Still  for  many 
companies, TKIP  will  be  a  good  interim  step  for 
the  newer  equipment  that  has  WEP,  at  least  until 
purchasing  new  access  points  would  be  slated 
for  reasons  such  as  being  part  of  a  normal, 
scheduled  technology  refresh  cycle,  or  to  gain 
higher  Wi-Fi  speeds. 

Beware,  though,  that  vendors  already  are  jump¬ 
ing  the  gun  on  AES  and  starting  to  build  products 
they  claim  support  it.  Before  you  buy  Wi-Fi  equip¬ 
ment  that  the  vendor  says  provides  AES,  make 
sure  the  vendor  offers  an  upgrade  path,  should  it 
have  guessed  wrong  on  the  final  spec  and 
improperly  implemented  it.  Better  yet,  avoid  AES 
until  it’s  ready  for  prime  time. 

—  Julie  Bort 
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Wireless 

continued  from  page  S20 

the  client  —  a  two-step  authentication  process  like 
SSL,” says  Chris  Bolinger,  a  product  manager  with 
Cisco’s  wireless  networking  group.  Microsoft  has 
included  PEAP  in  XP  service  pack  releases  and,  as  it 
does  for  EAP-TLS,  offers  a  free  Win  2000  client. 

Vendors  also  often  support  the  fifth  EAR  EAP-MD5.  How¬ 
ever  this  older  EAP  is  rarely  used,  Sutton  says,  and  he  does 
not  see  it  growing  in  popularity 

He  is  placing  his  bets  on  PEAR  with  its  backing  by 
Cisco  and  Microsoft,  as  the  big  winner.  Cisco  and 
Microsoft  “saw  the  writing  on  the  wall”  and  realized  that 
their  versions  of  EAP  would  not  become  de  facto  stan¬ 
dards,  Sutton  says.  Still,  for  Cisco  houses,  LEAP  could 
remain  a  strong  contender  for  years,  particularly  once  it 
becomes  available  in  more  clients. 

So  WLAN  security  boils  down  to  three  choices: 

•  Use  one  of  the  public  domain  EAPs,  hoping  you 
picked  the  eventual  marketplace  winner  while  taking  on 
the  pain  of  certificate  administration. 

•  Go  with  LEAP,  which  requires  using  Cisco  access 
points  and  either  dictating  a  limited  variety  of  clients  to 
users  or  buying  all  the  clients  for  them.  (All  802.  IX 
authentication  methods  require  the  use  of  a  server  that 
supports  Remote  Authentication  Dial-In  User  Service 
and  this,  too,  would  need  to  understand  LEAP) 

•  Use  a  VPN,  sidestepping  802.1 1  security  altogether,  at 
least  until  it  matures. 

Security  choices 

The  University  of  Akron  made  the  LEAP  choice 
because  it  didn’t  force  the  use  of  certificates,  Gaylord 
says.The  university  has  standardized  on  IBM  ThinkPad 


clients  using  Cisco’s  Aironet  wireless  LAN  adapters,  but 
Gaylord  looks  forward  to  more  adapter  choices  as  they 
emerge.  He  augments  LEAP  with  VPNs,  used  to  access 
printers  and  other  more  restricted  LAN  resources. 

California  Lutheran  University  in  Thousand  Oaks  has  side 
stepped  EAP  for  now.  Unlike  the  University  of  Akron,  it  does 
not  want  dictate  laptop  or  LAN  adapter  card  choice.“We 
looked  at  Cisco’s  LEAR  but  the  problem  is  we’ve  got  stu¬ 
dents  and  faculty  bringing  in  all  sorts  of  different  laptops,” 
says  Zareh  Marselian,  director  of  technical  services.“We 
want  to  remain  open  as  a  heterogeneous  environment.” 

To  secure  the  university’s  wireless  network,  Marselian 
uses  ReefEdge’s  Wi-Fi  authentication  server,  which  sup¬ 
ports  simple  username/password  authentication  from  the 
browser  without  requiring  client  code.  He  also  segmented 
off  the  Wi-Fi  network  so  users  can’t  move  from  it  to  the 
wired  network  and  restricted  use  to  Internet  and  e-mail 
access  —  the  two  most  critical  services  that  users  wanted 
from  a  mobile  connection.  California  Lutheran  is  rolling 
out  wireless  connectivity  to  12  campus  buildings,  about 
40  classrooms.  A  rollout  for  a  dormitory  will  follow. 

And  certainly,, you  could  go  with  IPSec  VPNs  entirely 
—  at  least  until  the  802.1 1  standards  have  matured  and 
de  facto  EAP  winners  emerge,  as  was  the  choice  for 
Memorial  Health  System.  Besides  ReefEdge, Wi-Fi  au¬ 
thentication  vendors  that  support  IPSec  VPNs  include 
Bluesocket,  Fortress  Technologies  and  Vernier  Networks. 

As  Memorial’s  Wolanyk  says,  using  an  IPSec  VPN  lets 
him  give  his  users  —  the  doctors  —  the  mobile  network 
services  they  desperately  need,  while  he  watches  security 
developments.“We  plan,  probably  in  18  months  to  two 
years,  to  have  to  revisit  our  choices  to  ensure  we  have  the 
best  solution  in  place,  or  to  modify  or  upgrade,”  he  says. 

For  those  wanting  the  untethered  LAN  today, such  a 
temporal  attitude  is  wise.® 


Rogue  responsibility 

Users  want  Wi-Fi  vendors  to  do  more 
than  encryption  and  authentication. 

Wi-Fi  security  has  progressed  consider¬ 
ably,  but  still  has  a  long  way  to  go.  Of 
particular  concern  are  rogue  access 
points,  which  are  unauthorized  access  points  that 
end  users  tack  onto  a  wired  network.  Rogue  access 
points  deserve  the  same  attention  from  vendors  as 
encryption  and  authentication,  says  Zareh  Mar¬ 
selian,  director  of  technical  services  for  California 
Lutheran  University  inThousand  Oaks. 

Given  that  most  access  points  don't  ship  with  the 
Wired  Equivalent  Privacy  protocol  configured  as  a 
default,  rogue  access  points  can  create  gaping  secu¬ 
rity  holes  in  wired  networks.  Marselian  says  no  solu¬ 
tion  exists  to  stop  them,  and  the  only  way  to  detect 
them  is  to  walk  around  sniffing  them  out. 

Vendors  must  be  pressured  into  taking  on  more 
responsibility  for  wireless  security,  addsThomas 
Gaylord,  CIO  of  the  University  of  Akron  in  Ohio. 
‘‘Wi-Fi  is  going  to  be  used  by  everybody  —  beyond 
cell  phones,”  he  says.  “The  dangers  in  putting  it  in 
every  mobile  PC,  with  the  Intel  chipset  announced 
to  fanfare  infinitum,  creates  a  huge  potential  vulner¬ 
ability  for  the  naive  user. The  manufacturers  of  the 
standards  and  the  hardware  and  the  developers  of 
the  software  must  get  together  to  ensure  that  we 
are  not  putting  the  general  public  at  risk  because 
they  don’t  know  [all  about]  Wi-Fi  security.” 

—  Julie  Bort 
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Check  Point  Internet  Security. 

Protect  your  network  at  every  moment,  every  level,  every  location. 


Every  minute,  every  day  Global  Fortune  500  companies  protect  their  networks  with  Check  Point’s  leading 
Internet  security  solutions.  Only  Check  Point  provides  true  Stateful  Inspection,  the  de  facto  standard  for 
Internet  security.  For  state-of-the-net  protection,  Check  Point  has  developed  SmartDefense,  which  provides 
real-time  detection  and  protection  against  known  and  unknown  attacks.  With  our  leading  Firewall  and  VPN 
solutions  you’ll  get  the  most  secure,  most  scalable  and  most  comprehensive  security  in  the  industry.  Every 
possible  point  of  attack  is  covered  -  from  corporate  headquarters  to  the  remote  employee. 


Check  Point 
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We  Secure  the  Internet. 


Find  out  how  to  truly  protect  your  network  by  getting  your  hands  on  our  mission  critical  white  paper  today— “Mitigating  the  SANS/FBI 
Top  20  Internet  Security  Vulnerabilities”  It  will  change  the  way  you  look  at  protecting  your  network,  www.checkpoint.com/top20/nw 
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Foundry  Networks  is  the  market  leader  in  Layer  4-7  switches 
that  enhance  the  performance  of  your  business  applications, 
That’s  because  Foundry’s  Serverlron"  Layer  4  -7  switch  is  perhaps 
the  most  intelligent  piece  of  iron  ever  built,  It  intelligently  distributes 
traffic  across  applications,  servers,  firewalls,  caches,  and  even  across  data 
centers.  It  secures  your  servers  and  applications  from  malicious  attacks.  It 
monitors  server  and  application  health  to  provide  rapid  recovery  and 
minimize  or  even  eliminate  application  downtime.  It  directs  network  traffic 
based  on  application, server  load,  UKL  content,  or  cookies.  Brains  like  this  make 
Serverlron  an  essential  component  of  your  network  infrastructure.  Ill  fact, 
purchasing  it  could  be  one  of  the  smartest  moves  you’ll  ever  make.  It)  find  out  more 
about  the  Serverlron  Product  Family,  visit  Us  at  www.foundrynetworks.com/si,  or  call 
Foundry  Networks  at  1  .888.TUR1K  )1.AN  (887-2652)  and  make  the  intelligent  choice. 
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SHAPING  YOUR  NETWORK 


802.111  shores  up  wireless  security 


■  BY  ALAN  COHEN  AND  BOB  O’HARA 

The  inadequacy  of  the  Wired  Equivalent 
Privacy  protocol  has  delayed  widespread 
adoption  of  wireless  LANs  in  many  corpo¬ 
rations.  While  most  network  admin¬ 
istrators  and  end  users  understand  the 
productivity  benefits  of  cutting  the 
Ethernet  cord,  most  worry  about  the  risk 
of  doing  so. 

WLANs  expose  a  network  and  hence, 
from  a  security  perspective,  must  be  treat¬ 
ed  like  access  networks  rather  than  core 
enterprise  networks.  When  corporate 
users  connect  through  a  LAN  switch  or 
hub,  there  is  an  assumption  that  they  al¬ 
ready  are  trusted  users.  IT  might  or  might 
not  use  a  protocol  such  as  802.  IX  or 
RADIUS  for  additional  authentication. 

To  help  address  this  gap  in  WLANs,  the 
IEEE  802. 1 1  Working  Group  instituted  Task 
Group  i  to  produce  a  security  upgrade  for 
the  802.1 1  standard. 802.1  li  is  building  the 
standard  around  802.  IX  port-based 
authentication  for  user  and  device 
authentication.  The  802.1  li  standard, 
which  isn’t  expected  to  be  complete  until 
later  this  year,  includes  two  main  develop¬ 
ments:  Wi-Fi  Protected  Access  (WPA)  and 


Got  great  ideas 


■  Network  World  \s  looking  for  great 
ideas  for  future  Tech  Updates.  If  you 
want  to  contribute  a  primer  on  a  spe¬ 
cific  technology,  standard  or  protocol, 
contact  Amy  Schurr,  senior  managing 
editor,  features  (aschurr@nww.com). 
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WLAN  switch 


Ethernet  switch 


RADIUS  server 


-  Access  point 


1  Client  sends  request  for  association  and 
security  negotiation  to  access  point,  which 
forwards  to  wireless  LAN  switch. 


2  Wireless  LAN  switch  3  RADIUS  server  4  Switch  and  client  initiate  four-way  key  negotiation  to  create  a 
passes  request  to  authenticates  unique  session  key  for  the  client.  Switch  pushes  key  encrypted 

RADIUS  server.  client.  by  AES  to  access  point.  AES  now  encrypts  all  data  traffic. 


Robust  Security  Network  (RSN). 

Wi-Fi  Protected  Access 

The  first  task  is  to  plug  security  holes  in 
legacy  devices,  typically  through  firmware 
or  driver  upgrades.  The  Wi-Fi  Alliance  has 
taken  a  subset  of  the  draft  802.1  li  stan¬ 
dard,  calling  it  WPA,  and  now  certifies 
devices  that  meet  the  requirements. 

WPA  uses  Temporal  Key  Integrity  Pro¬ 
tocol  (TKIP)  as  the  protocol  and  algorithm 
to  improve  security  of  keys  used  with  WEP 
It  changes  the  way  keys  are  derived  and  ro¬ 
tates  keys  more  often  for  security  It  also 
adds  a  message-integrity-check  function  to 
prevent  packet  forgeries. 

While  WPA  goes  a  long  way  toward  ad¬ 
dressing  the  shortcomings  of  WER  not  all 
users  will  be  able  to  take  advantage  of  it. 
That’s  because  WPA  might  not  be  back¬ 
ward-compatible  with  some  legacy  de¬ 
vices  and  operating  systems.  Moreover,  not 
all  users  can  share  the  same  security  infra¬ 


structure.  Some  users  will  have  a  PDA  and 
lack  the  processing  resources  of  a  PC. 

What’s  more,TKIP/WPA  will  degrade  per¬ 
formance  unless  a  WLAN  system  has 
hardware  that  will  run  and  accelerate  the 
WPA  protocol.  For  most  WLANs,  there’s 
currently  a  trade-off  between  security  and 
performance  without  the  presence  of 
hardware  acceleration  in  the  access 
point. 

Robust  Security  Network 

RSN  uses  dynamic  negotiation  of 
authentication  and  encryption  algorithms 
between  access  points  and  mobile 
devices.  The  authentication  schemes  pro¬ 
posed  in  the  draft  standard  are  based  on 
802. IX  and  Extensible  Authentication 
Protocol  (EAP).The  encryption  algorithm 
is  Advanced  Encryption  Standard  (AES). 

Dynamic  negotiation  of  authentication 
and  encryption  algorithms  lets  RSN 
evolve  with  the  state  of  the  art  in  security 


adding  algorithms  to  address  new  threats 
and  continuing  to  provide  the  security 
necessary  to  protect  information  that 
WLANs  carry. 

Using  dynamic  negotiation,  802.  IX,  EAP 
and  AES,  RSN  is  significantly  stronger  than 
WEP  and  WPA.  However,  RSN  will  run  very 
poorly  on  legacy  devices.  Only  the  latest 
devices  have  the  hardware  required  to 
accelerate  the  algorithms  in  clients  and 
access  points,  providing  the  performance 
expected  of  today’s  WLAN  products. 

WPA  will  improve  security  of  legacy  de¬ 
vices  to  a  minimally  acceptable  level,  but 
RSN  is  the  future  of  over-the-air  security 
for  802.11. 

Cohen  is  vice  president  of  marketing  at 
Airespace.  O’Hara  is  director  of  system 
engineering  at  Airespace,  and  chair  of 
802  11m  and  editor  of 802. 1  If.  They  can  be 
reached  at  alan@airespace.com  and  bob@ 
airespace.com,  respectively. 


Dr.  Internet  By  Steve  Blass 

We  plan  to  build  our  own  client/server  network 
composed  of  Windows  2000  File  Server,  Exchange 
Server  and  Firewall  Server.  Can  you  direct  me  to 
documentation  on  the  pros  and  cons  of  keeping 
these  as  separate  servers  vs.  running  Exchange 
on  File  Server  and  running  the  firewall  on 
Exchange  Server?  We  plan  to  connect  25  users  in 
one  location  with  50  users  in  our  main  location. 
Internet  access  would  be  controlled  through  the 
main  location.  We  also  hope  to  add  a  Citrix 
Server  or  two  and  need  to  know  if  there  is  a  cost- 


effective  alternative  that  provides  the  authenti¬ 
cation/security  that  Citrix  does,  keeping  in  mind 
we  will  be  linking  two  locations  using  a  VPN  solu¬ 
tion  with  mobile  users.  Is  New  Moon’s  iQ2  better 
than  Windows  Terminal  Services  and/or  third- 
party  terminal  emulation  software? 

In  reverse  order,  Dave  Kearns  discusses  iQ2  in  his 
NetworkWorld  Fusion  Windows  Networking 
Newsletter  (www.nwfusion.com,  DocFinder:  6030) 
and  provides  a  link  to  the  free  “Definitive  Guide  to 


Windows  Terminal  Services.”  To  find  documenta¬ 
tion  on  the  pros  and  cons  of  server  separation  and 
guidelines  for  Windows  200X  network  planning, 
check  Microsoft Technet  (DocFinder:  6031),  the 
System  and  Network  Security  Reading  Room 
(DocFinder:  6032  )  and  the  Windows  2003  deploy¬ 
ment  resource  kit  materials  (DocFinder:  6033). 

Blass  is  a  network  architect  at  Change@Work  in 
Houston.  He  can  be  reached  at  dr.internet@ 
changeatwork.  com. 
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Mark 

Gibbs 


ay  back  in 

look  at  a  language  named  Python 
(see  www.nwfusion.com,  DocFin- 
der:  6035  for  details),  but  we  hardly  did  it 
justice  because  Python  is  definitely  worth 
a  serious  look. 

To  briefly  recap:  Python,  to  quote  the 
summary  on  python.org  (see  DocFinder: 
6036),  is  “an  i  nterpreted ,  interactive,  object- 
oriented  programming  language  [that] 
combines  remarkable  power  with  very 
clear  syntax.  It  has  modules,  classes, 
exceptions,  very  high-level  dynamic  data 
types  and  dynamic  typing.There  are  inter¬ 
faces  to  many  system  calls  and  libraries, 
as  well  as  to  various  windowing  systems 
(XI 1,  Motif,  Tk,  Mac,  MFC).  New  built-in 
modules  are  easily  written  in  C  or  C++. 
Python  also  can  be  used  as  an  extension 
language  for  applications  that  need  a  pro¬ 
grammable  interface.” 

Python  is  easy  to  learn  and  can  be  used 
for  Web  server  scripting  as  a  CGI  inter¬ 
preter.  It  also  has  support  for  creating  and 


1999  we  took  a  quick 


Python  reappears,  with  100%  pure  Java 


manipulating  graphics,  and  generating 
and  parsing  HTML  and  XML. 

But  best  of  all,  Python  is  open  source 
freeware  even  for  commercial  use  and 
runs  under  all  sorts  of  operating  systems, 
including  Windows,  DOS,  Macintosh, 
Linux,  Solaris,  OS/2,  Amiga,  AROS,  OS/400, 
BeOS,  OS/390,  z/OS,  Palm  OS,  QNX,  VMS, 
EPOC  (Psion),  RISC  OS,  VxWorks, 
PlayStation,  Sharp  Zaurus,  and  Windows 
CE  or  Pocket  PC. 

And  if  that’s  not  enough  there’s  Jython 
(see  DocFinder:  6038),  which  is  Python 
implemented  in,  and  certified  as,  100% 
pure  Java.  Like  Python,  Jython  is  freely 
available  for  commercial  and  noncom¬ 
mercial  use,  and  is  distributed  with 
source  code. 

Jython  is  fabulous.  You  can  add  the 
Jython  libraries  to  Java  applications  as  a 
scripting  language,  and  Jython’s  interac¬ 
tive  interpreter  interacts  with  Java  pack¬ 
ages  or  with  running  Java  applications  so 
you  can  debug  or  experiment  with  wild 
abandon. 

It  is  claimed  that  Python  programs  are 
anything  from  two  to  10  times  shorter  than 
equivalent  Java  programs, and  you  can  mix 
Python  and  Java  code  with  the  same  wild 
abandon  that  you  applied  to  the  interactive 
interpreter. 


What  got  us  interested  in  Python  all  over 
again  was  the  release  on  April  25  of 
Python  2.3b  1  (the  first  2.3  beta)  for 
Windows  (details  at  DocFinder:  6039), 
along  with  sources  that  are  reputed  to 
compile  and  run  under  OS  X  and,  pre¬ 
sumably  under  Unix.  A  second  beta  ver¬ 
sion  is  due  this  month,  and  a  final  release 
is  scheduled  for  July 

By  now  you  must  be  wondering  what 
Python  looks  like?  Once  installed, you  can 
run  the  Python  interpreter  as  a  command¬ 
line  interpreter  or  through  the  included 
shell  called  Idle  (essentially  a  GUI  for 
Python,  and  no,  we  have  no  idea  why  it  is 
called  Idle  but  suspect  some  convoluted 
connection  to  Eric  Idle  of  Monty  Python 
fame). 

OK,  download  the  latest  release  for  your 
platform  and  install  it.  We’ll  wait. 

Now  let’s  run  up  Idle  and  at  the  com¬ 
mand  prompt  (this  defaults  to“»>”)  enter 
the  classic  first  program: 
print  “Hello  World” 

That’s  it.  Looks  exactly  like  BASIC, 
doesn’t  it?  Boring.  But  hang  in  there,  it  gets 
better.  Here’s  a  script  called  geturl  written 
by  Sean  Reifschneider  (go  to  DocFinder: 
6040  for  more  details)  that  retrieves  a  URL 
and  sends  it  to  stdout: 

# Copyright  (c)  1998  Sean  Reifschneider, 


tummy.com,  ltd. 

#This  program  is  free  software;  you  can 
redistribute  it  and/or 

#  modify  it  under  the  terms  of  the  GNU 
General  Public  License 

#as  published  by  the  Free  Software 
Foundation;  either  version  2 

#  of  the  License,  or  (at  your  option)  any 
later  version. 

import  sys 

import  urllib 

if  len(sys.argv)  !=  2: 
print  ‘usage:  %s  <url>’  %  sys.argv[0] 
sys.exit(l) 

data  =  urllib.urlopen(sys.argv[l]) 

for  line  in  data.readlinesO: 
print  line, 

To  run  this  you  enter  “python  geturl. py” 
(for  details  see  DocFinder:  6041)  from  the 
system  command  line  (obviously  tailored 
appropriately  for  your  environment).  You 
will  see  the  raw  HTML  code  shoot  past. 

And  take  a  look  at  DocFinder:  6042  for  a 
much  more  complicated  example  (still 
only  25  actual  lines  of  code)  that  pro¬ 
duces  the  MD5  hash  value  for  each  file 
specified  on  the  command  line.  Cool. 

Next  week  we’ll  take  a  closer  look  at  the 
Python  language.  Cheers  of  joy  to  gearhead 
@gibbs.com. 


High  marks  for  sketch  tool,  pop-up  apps 


Cool 

Quick  takes 
on  high-tech  toys 

By  Keith  Shaw 


As  usual  there’s  a  pileup  in  the  Cool  Tools  Testing 
Zone.  Here’s  a  look  at  two  stand-outs. 

IHatePopUps:  The  name  pretty  much  says  it  all. 
Sunbelt  Software,  maker  of  the  excellent  IHateSpam 
software,  has  come  out  with  a  follow-up  that  aims  to 
ban  pop-up  and  pop-under  ads  from  browser  windows. 

The  software  is  easy  to  install,  and  it  comes  with  a  con¬ 
trol  panel  that  offers  simple  check-boxes  for  decisions 
(including  whether  you  want  a  sound  to  play  when  the 
software  blocks  a  pop-up  ad). The  software  also  blocks  a 
list  of  ad-ware  pro¬ 
grams,  including  Gator, 

WeatherBug  and  Bar¬ 
gain  Buddy.  It  keeps  a 
log  of  blocked  sites  for 
users  to  view  and  pro- 
\  ides  the  opportunity  to 
white  list  pop-up  win¬ 
dows  that  a  user  wants 
to  keep. 

While  this  software 
works  great  with  pop-up 
windows  that  a  user 
doesn't  ask  tor,  it  also 
blocks  windows  that 
users  choose  to  open. 

For  example,  when  1  use 


the  Outlook  Web  client  (via  Internet  Explorer)  to  read  my 
e-mail,  clicking  on  a  link  brings  up  the  message  in  a  new 
window.  For  me  to  view  this  with  the  IHatePopUps  soft¬ 
ware,  I  have  to  hold  down  the  CRTL  button  when  I  click. 
Even  this  method  didn’t  work  sometimes,  so  I  ended  up 
disabling  the  software  when  reading  my  e-mail. White  list¬ 
ing  doesn’t  solve  the  problem  because  each  e-mail  has  a 
unique  URL  identifier. 

But  $10  is  a  good  price  to  pay  if  you  do  a  lot  of  Web  surf¬ 
ing  and  are  tired  of  pop-ups  (almost  every  site  has  some). 
Go  to  the  Sunbelt  Software  Web  site  for  more  details. 

Alias  SketchBook  Pro:  From  Alias  Wavefront  comes  this 
sketching  application  built  forTablet  PCs.The  application 
is  more  complex  than  the  Paint  application  that  comes 
bundled  on  Tablet  PCs  and  is  aimed  at  graphic  artists  and 
professional  designers.  We  recently  tested  the  Sketch- 

Book  Pro  application 
on  an  Acer  TravelMate 
Cl  00  Tablet. 

The  tools  available  for 
the  artist  are  impressive 
and  include  options 
such  as  different  brush 
styles,  colors  and  layer 
features  that  are  easy  to 
understand  for  non¬ 
artists.  Because  my  art¬ 
istic  ability  is  mostly  in 
the  stick-figure  oeuvre,  I 
wasn’t  creating  master¬ 
pieces.  But  I  was  im¬ 
pressed  with  the  appli¬ 
cation’s  tools  ability  to 


become  pressure-sensitive  —  the  longer  I  held  down  the 
pen  on  the  tablet’s  screen,  the  more  color  I  could  get  (the 
bleed  effect). 

The  layer  concept  will  appeal  to  nonartists  for  group 
annotations  and  collaboration.  For  example,  diagram 
and  document  changes  can  be  made  by  giving  each 
team  member  his  own  layer.  If  you  want  to  ignore  some¬ 
one’s  input,  just  hide  the  appropriate  layer  from  viewers. 
This  also  helps  in  cases  where  drawings  are  so  detailed 
that  having  notes  written  on  one  layer  would  mess  up 
the  drawing. 

One  of  our  graphic  artists  tried  the  software  and  was 
impressed  with  the  visual  interface,  which  was  designed 
for  artists,  not  programmers.  He  was  disappointed,  how¬ 
ever,  in  the  lack  of  integration  with  current  art  applica- 
tions.such  as  Adobe  Photoshop  and  Procreate’s  Painter. 

Still,  this  was  a  good  example  of  the  type  of  application 
that  will  succeed  on  Tablet  PCs.The  software  starts  at  $129 
($149  for  a  shipping  version), and  a  15-day  trial  version  is 
available  at  Alias  Wavefront’s  Web  site.  The  company 
recently  announced  a  deal  with  Acer  to  bundle  the  trial 
version  on  every  new  Acer  TravelMate  tablet. 

Shaw  can  be  reached  at  kshaw@nww.com. 


The  IHatePopUps  interface  is  designed  well  for  end  users. 


A  sketch  drawn  with  the  SketchBook  Pro  software. 
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Are  filters  more  effective  than 
laws  in  stopping  spam? 


Two  industry  experts  debate  whether  filtering  it  or  outlawing  it  is  the  best  way  to  halt  spam. 


Yes,  by  Paul  Graham 


No,  by  Jason  Gatlett 


There  are  two  senses  of  stopping  spam  —  stopping  it  from  filling  up  our  in¬ 
boxes  and  stopping  spammers  from  sending  it.  Of  course,  if  you  solve  the 
first  problem,  you  also  solve  the  second.  Spammers  send  spam  to  make 
money.  If  no  one  sees  the  spam,  they’ll  be  wasting  their  time  sending  it  and 
soon  will  stop. 

Two  of  the  most  promising  solutions  to  the  spam  problem  are  to  filter  it  and  to  outlaw 
it.  It’s  too  early  to  say  for  sure  which  will  win,  but  so  far,  filtering  works  and  laws  don’t. 

A  year  ago,  few  people  thought  filtering  was  a  practical  solution.  Earlier  filters,  which 
identified  mail  as  spam  based  on  whether  it  contained  specific  words,  were  not  very 
effective.  If  you  made  them  tight  enough  to  catch  most  spam,  you  got  too  many  false 
positives  —  e-mails  mistakenly  identified  as  spam. 

The  new  generation  of  statistical  (also  known  as  Bayesian)  filters  are  much  better. 
Mine  lets  through  2.5  spams  per  1,000,  with  about  0.5  per  1,000  false  positives.  Moreover, 
the  false  positives  that  statistical  filters  yield  tend  to  be  mail  that  resembles  spam: 
newsletters  and  advertising,  not  personal  mail. 

The  argument  against  filters  is  that  we  still  have  to  pay  the  cost  of  transmitting  the 
e-mail.  But  this  cost  would  go  away  if  filters  were  widespread  because  response  rates 
would  be  so  low  that  it  wouldn’t  pay  to  spam.  And  filters  are  becoming  widespread 
because  it  is  in  the  interest  of  the  big  online  services  to  implement  them.  It  decreas¬ 
es  their  infrastructure  cost  if  they’re  known  to  be  spam-proof,  and,  as  MSN’s  full-page 
ads  testify,  effective  spam  protection  is  a  big  marketing  advantage. 

There  are  two  problems  with  trying  to  outlaw  spam  —  the  legitimate  direct  marketing 
lobby  and  the  difficulty  of  enforcement.  Direct  marketers  want  to  ensure  that  spam  laws 
still  permit  them  to  contact  their  customers. The  resulting  loopholes  are  so  big  that  spam¬ 
mers  get  through,  too.  Because  the  company  they  bought  your  e-mail  address  from  is  an 
“affiliate,”  they  consider  you  their  customer,  too.  Perhaps  a  law  could  be  written  that  is  tight 
enough  to  prevent  this,  but  1  doubt  it. 

There  are  several  grades  of  spammers,  from  companies  that  call  themselves“opt-in”  mail¬ 
ers  to  the  guys  who  hijack  mail  servers  to  send  pornography  A  tightly  written  law  might 
shut  down  the“opt-in”spammers,but  without  effective  enforcement  the  pornog¬ 
raphy  spammers  will  just  ignore  it. 

Enforcement  is  a  hard  problem.  Spammers  route  a  lot  of  their  spam 
through  servers  offshore.  What  happens  when  they  move  their  compa¬ 
nies  offshore,  too?  Are  we  going  to  be  able  to  extradite  people  for 
spamming? 

I’m  not  against  trying  to  outlaw  spam.  I  just  don’t  think  new  laws  will  work  any 
better  than  the  current  laws.  Filtering  works  now. 


Filtering  is  no  more  a  solution  to  the  spam  problem  than  it  is  to  water  pollu¬ 
tion. The  right  thing  to  do  is  to  restrain  the  producers  of  pollution,  rather  than 
routinely  burden  someone  downstream  with  the  task  of  cleaning  up  an 
unfairly  imposed  mess.  The  cleanup  task  is  necessarily  an  imperfect  and 
expensive  business. 

There  is  no  federal  law  against  spamming,  but  Congress  might  act  this  session.  A  good 
law  would  ban  bulk  unsolicited  commercial  e-mail  and  let  individuals  who  are 
spammed  sue  the  spammer,  just  as  they  currently  can  sue  junk  faxers.A  bad  law  would 
let  spamming  continue  provided  the  spam  is  labeled  with  “ADV”  or  some  such  indica¬ 
tor  of  an  unsolicited  advertisement  in  the  subject  line. 

The  idea,  appealing  on  the  surface,  is  to  make  spam  easy  to  filter.  But  this  ignores  sev¬ 
eral  facts:  Not  all  spammers  will  label,  not  everyone  has  filters,  and,  even  if  they  did, 
much  of  the  unfair  burden  on  the  Internet  infrastructure  would  remain,  as  ISP  servers 
forward  spam  to  networks  only  to  have  it  deleted  at  some  later  point. 

Spam  has  grown  in  recent  years  from  less  than  10%  of  all  e-mail  to  about  40%.  If  it 
continues  at  this  rate,  the  resources  required  simply  to  delete  most  of  the  junk  before 
it  is  forwarded  will  run  into  billions  of  dollars. This  is  an  unfair  tax  on  consumers  and 
organizations. 

Filtering  by  ISPs  and  corporate  networks  is  commonplace,  but  filtering  is  and  will 
always  be  an  imperfect  process.  Filters  inevitably  make  two  types  of  errors:  false  nega¬ 
tives,  in  which  they  let  a  piece  of  spam  go  through;  and  false  positives,  in  which  they 
throw  out  something  that  the  recipient  actually  wants.  ISPs  are  forced  to  be  conserva¬ 
tive  in  their  filtering  to  avoid  false  positives,  which  can  be  costly  for  businesses  that  rely 
on  e-mail  as  an  interface  to  customers  for  sales  and  service. 

Although  filtering  technology  has  become  extremely  sophisticated,  spammers  play 
the  cat-and-mouse  game  with  great  agility  and  currently  hold  the  advantage  of  larger 
numbers  and  little  economic  or  legal  incentive  to  stop.  When  appropriate  legislation 
increases  those  incentives,  filtering  at  the  network  level  still  will  be  necessary,  but  it 
should  not  be  a  major  systemic  cost.  If  the  public  resigns  itself  to  tolerating  spam  and 
accepting  the  burden  of  filtering  it  (imperfectly),  users’  disenchantment  with 
e-mail  likely  will  reach  a  tipping  point  where  many  abandon  e-mail. 
Believing  that  filters  can  prevail  against  unrestrained  spammers  is  bet¬ 
ting  that  we  can  win  an  expensive  arms  race  that  we  already  appear  to  be 
losing.  It  also  is  buying  in  to  a  very  expensive  maintenance  overhead  and 
ongoing  collateral  damage  to  our  daily  correspondence.  To  put  our  faith 
solely  into  technology  here  would  be  as  foolish  as  the  residents  of  Venice 
ignoring  the  rising  tide  around  them  and  relying  on  the  water  pumps  in  their 
basement. 


More  online! 


Graham  has  written  two  books  on  Lisp  and  was  a  founder  of  the  Log  on  to  Network  World  Fusion  to  voice  your  opinion. 
starl-up  that  became  Yahoo  Store.  Recently  he  has  worked  on  spam  fil-  Face-off  authors  Paul  Graham  and  Jason  Catlett  will  Catlett  is  president  and  founder  of  Junkbusters,  a  privacy  advo- 
ters  and  a  new  language  called  Arc.  For  more  on  filtering,  see  8dd  their  thoughts  to  tho  discussion.  cocy  firm  in  Green  Brook,  N.J.  He  can  be  reached  at  www. 

http://paulgraham.com.  DocFinder  6026  junkbusters.com. 
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EDITORIAL 

John  Dix 

GEO  to  you:  Why 
is  that  server 
exposed? 

The  nightmare  scenario  1  spelled  out  a  few  weeks 
ago  about  your  CEO  being  able  to  check  up  on  you 
by  running  simple  yet  effective  external  network 
security  scans  from  his  desktop  became  decidedly  less 
dreamlike  last  week. 

At  a  security  roundtable  in  Boston,  Qualys  announced 
Qualys  Free  Map,  a  free  Web-based  service  that  companies 
can  use  to  identify  network  entry  points  and  devices  that 
should  be  secured  from  attacks. 

To  refresh  your  memory,  Qualys  has  been  offering  a  ser¬ 
vice  it  calls  QualysGuard  to  map  customer  networks  from 
inside  and  out,  looking  to  see  what  devices  are  visible, 
what  servers  and  services  are  available,  etc.  Besides  re¬ 
vealing  immediate  concerns,  that  baseline  —  generated 
by  65  network  scanners  in  the  U.S.,  Europe  and  Asia,  and 
appliances  installed  behind  firewalls  —  then  can  be  used 
to  watch  for  change  over  time. 

Qualys,  founded  in  1999,  says  it  has  1,000  paying  cus¬ 
tomers,  including  HP  Fireman’s  Fund  and  BlueCross 
BlueShield. 

But  to  grow  the  company  Chairman  and  CEO  Philippe 
Courtot  was  convinced  he  needed  something  that  would 
attract  attention  —  hence  the  decision  to  start  to  give 
away  external  scans  for  free. 

Courtot  knows  something  about  building  successful 
companies.  He  joined  cc:Mail  when  it  had  12  people, 
drove  it  up  to  40%  market  share  and  sold  it  to  Lotus.  And 
more  recently  he  was  head  of  Signio,  an  electronic  pay¬ 
ment  start-up  that  ultimately  was  sold  to  VeriSign. 

To  lend  credibility  to  the  concept  of  scans  being  deliv¬ 
ered  as  a  service,  Qualys  used  the  Boston  roundtable  to 
unveil  the  free  offering. The  event  was  kicked  off  by 
Richard  Clarke,  most  recently  of  homeland  security  fame 
and  now  a  consultant. 

Clarke  said  he  learned  about  Qualys  when  he  was  work¬ 
ing  for  the  Feds  and  he  asked  the  company  to  demon¬ 
strate  its  service  on  Whitehouse.gov. “I  can’t  say  what  they 
found,  but  there  was  a  lot  we  didn’t  know  about.” 

Without  coming  out  and  saying  Qualys  is  the  answer, 
Clarke  said  the  government’s  22  federal  agencies  do  their 
own  security  scans  once  per  year, and  last  year  14  of 
them  got  an  “F.”“You  don’t  know  what  is  on  your  net,”  he 
said. “Contractors  come  in,  plug  stuff  in  and  leave.  People 
bring  in  technology  from  home.  And  even  when  you  are 
told  something  is  fixed,  can  you  be  sure  it  was?” 

Tools  like  QualysGuard  make  it  possible  to  do  daily 
checks,  Clarke  said.  And  that  can  only  be  a  good  thing. 

But  do  it  before  your  boss  does. 


—  John  Dix 
Editor  in  chief 
jdix@nww.com 
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Controlling  congestion 

The  story  “Netli  looks  to  cut  ’Net  delay”  (www.nw 
fusion.com,  DocFinder:  6027)  praises  a  technique 
that  should  be  criticized  for  intentionally  avoiding 
proper  congestion-control  techniques  that  maintain 
Internet  stability  and  avoid  congestion  collapse.  In 
the  mid-1980s,  the  Internet  suffered  multiple  conges¬ 
tion-collapse  episodes  because  of  lack  of  conges¬ 
tion  control. These  episodes  triggered  a  bunch  of  re¬ 
search  and  ultimately  led  to  Van  Jacobsons  seminal 
1988  paper,  “Congestion  Avoidance  and  Control.” 
Avoiding  slow  start  and  other  congestion-control 
techniques  are  known  to  improve  the  response  time 
and  throughput  for  a  single  user,  but  doing  so  pre¬ 
vents  fairness  among  all  flows  on  the  Internet.  As  the 
number  of  users  of  the  Netli  Protocol  increases,  the 
probability  of  congestion  collapses  increases. 
Therefore,  this  protocol  is  not  progressive;  imple¬ 
menting  Netli  ignores  15  years  of  research. 

Armando  Caro 
Research  assistant 
Protocol  Engineering  Lab,  University  of  Delaware 

Newark,  Del. 

Adam  Grove,  CTO  of  Netli,  responds.You  are  correct 
about  the  dangers  of  congestion  collapse  and  the  per¬ 
ils  of  throwing  away  important  TCP  features  in  an 
attempt  to  improve  performance.  The  story’s  sugges¬ 
tion  that  we  simply  “eliminate  the  slow-start  feature” is 
unfortunate  in  reinforcing  the  reasonable  concern 
that  this  is  how  Netli's  technology  works.  We  do  not 
simply  throw  away  these  important  features,  and  it 
isn 't  our  philosophy  (nor  is  it  necessary)  to  harm  the 
rest  of  the  Internet  to  provide  our  benefits.  Our  proto¬ 
cols  include  congestion  control,  albeit  not  identical 
with  standard  TCP 

While  Jacobson ’s  innovations  are  great  for  bulk  TCP 

E-mail  letters  to  jdix@nww.com  or  send  them  to  John  Dix,  editor  in 
chief,  Network  World,  118  Turnpike  Road,  Southborough,  MA  01772. 
Please  include  phone  number  and  address  for  verification. 


transfers,  there  are  problems  in  the  face  of  typical 
HTTP  dynamics.  With  respect  to  slow  start,  it's  com¬ 
mon  for  an  object  download  to  complete  before  slow 
start  is  over;  TCP  never  reaches  its  most  efficient 
mode.  And  each  new  connection  repeats  slow  start. 
(The  full  price  of  this  has  to  be  considered  in  context, 
including  fine  details  of  modern  HTTP  and  Web 
browser  implementations.) 

Mitigating  the  slow-start  cost  without  discarding  its 
important  benefits  is  only  one  piece  of  the  puzzle. 

Another  scumware  risk 

Mark  Gibbs  concludes  his  column  “Scams  to  scum- 
ware”  (DocFinder:  6028)  by  mentioning  scumware’s 
risk  to  PC  stability  and  security  within  corporations. 
What  he  didn’t  add  is  that  scumware  also  can  pose 
a  risk  to  a  corporation’s  reputation  and  revenue.  1 
volunteer  with  PC  help  at  my  children’s  elementary 
school,  where  I  recently  worked  on  a  teacher’s  PC 
that  was  having  trouble  reaching  Secure  Sockets 
Layer-protected  Web  sites  because  of  a  misconfig- 
ured  proxy  setting.  During  troubleshooting,  I  noticed 
that  when  she  visited  her  bank’s  Web  site,  pop-up  ads 
immediately  appeared  for  competing  services  such 
as  mortgages.  This  teacher  had  installed  a  program 
called  Hotbar  to  “skin”  her  e-mail  and  browser. 
Hotbar  advertises  itself  as  a  way  to  personalize 
Outlook  Express  and  Internet  Explorer  with  attrac¬ 
tive  background  graphics,  but  it  also  monitors  the 
sites  you  visit  and  presents  targeted  pop-up  ads. 

The  pop-ups  do  not  identify  Hotbar  as  their  source, 
so  unless  the  user  reads  the  entire  end-user  license 
agreement  or  the  small  print  at  the  bottom  of  the  ad, 
he  might  not  realize  the  site  he’s  visiting  is  not  the 
source  of  the  ad. Given  the  general  public  disdain  for 
pop-ups,  this  could  be  a  risk  to  your  company’s  repu¬ 
tation  —  not  to  mention  the  sales  that  could  be 
stolen  right  off  of  your  company’s  Web  site. 

Keith  Royster 
Charlotte,  N.C. 


More  online!  www.nwfusion.com  Find  out  what  readers  are  saying  about  these  and  other  topics.  DocFinder  6025 
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VENTURE  OVER  THE  HORIZON 

Robin  Vasan 

As  security  becomes  more  than  just  fire¬ 
walls  and  antivirus  software,  network 
managers  need  to  look  beyond  the 
usual  list  of  security  providers.  Answers  to 
security  problems  increasingly  can  be  found 
in  savvy  start-ups  that  are  leveraging  their 
security  expertise  in  today’s  insecure  world. 
Security  has  a  much  broader  meaning  today  than  it  did  just  a  few 
years  ago.  In  the  area  of  IT  security,  government  mandates  about  the 
levels  of  security  in  a  number  of  areas  have  grown  significantly. 

The  Patriot  and  Homeland  Security  Acts  and  other  antiterrorism 
legislation  have  placed  numerous  requirements  on  service  providers 
to  support  law  enforcement.  Such  IP  surveillance  and  intelligence 
gathering  is  a  challenging  problem  that  companies  are  just  begin¬ 
ning  to  address. 

Companies  also  are  faced  with  privacy  and  confidentiality  issues 
regarding  personal  data.  Healthcare  providers  must  comply  with  the 
recent  Health  Insurance  Portability  and  Accountability  Act,  which 
requires  that  all  individually  identifiable  healthcare  information  be 
protected  to  ensure  privacy  and  confidentiality  when  it  is  electron¬ 
ically  stored,  maintained  and  transmitted.  The  rising  demand  for 
sophisticated  high-technology  surveillance  systems  is  affecting  physi¬ 
cal  security 

In  the  venture  business,  we  see  smart  start-ups  redrawing  their  busi¬ 
ness  models,  leveraging  their  security  components  to  take  advantage 
of  current  trends.This  certainly  is  true  of  several  companies  in  which 
Mayfield  has  invested  —  Narus,  Pixim  and  PostX. 


Leveraging  security  offerings 


Narus’  interactive  mediation  products  help  telecom  carriers  collect 
and  analyze  detailed  information  about  their  customers’ service  usage. 
Government  agencies  also  can  use  the  technology  for  lawfully  autho¬ 
rized  Internet  surveillance. 

Pixim’s  silicon  and  software  technology,  known  as  the  Digital  Pixel 
System  (DPS),  vastly  improves  the  way  digital  cameras  capture  and 
process  images,  making  it  possible  to  produce  superior  pictures 
under  a  variety  of  lighting  conditions.  DPS  is  ideal  for  security  cam¬ 
eras,  where  picture  quality  is  critical  but  lighting  is  problematic. 

PostX  started  out  developing  a  secure  way  for  consumers  to  receive 
bills  and  statements  online.  However,  the  company  soon  realized  its 
technology  also  could  be  used  for  securing  the  delivery  of  network 
communications  among  a  company’s  customers,  partners  and 
employees.  PostX  has  found  a  market  for  its  platform, PostX  Enterprise, 
among  financial  service  companies  and  healthcare  providers,  which 
are  under  pressure  to  secure  communications  that  contain  their  cus¬ 
tomers’  personal  information. 

In  the  near  future,  as  security  cameras  begin  delivering  digital  rather 
than  analog  video,  the  distinction  between  IT  security  and  physical 
security  will  begin  to  blur.  Longer  term,  robust  IT  products  will  have  to 
be  applied  to  securing  streaming  video  as  it  flows  over  networks. 

Security  is  clearly  a  growth  market.  As  a  result,  in  the  upcoming 
months  expect  to  see  even  more  start-ups  beginning  to  showcase 
their  unique  security  products  and  leveraging  their  security  expertise. 


Answers  to  secu¬ 
rity  problems 
increasingly 
can  be  found  in 
savvy  start-ups 
that  are  leverag¬ 
ing  their  security 
expertise. 


Vasan  is  a  general  partner  with  Mayfield,  a  venture  capital  firm  in 
Menlo  Park,  Calif.  He  can  be  reached  at  masan@mayfield.com. 


TELECOM  CATALYST 

Daniel  Briere 

John  Chambers  has  made  a  big  issue 
over  the  past  year  of  re-establishing  trust 
in  the  telecom  marketplace.The  rise  and 
fall  of  the  telecom  sector  has  been  blamed 
substantially  on  the  hype  perpetrated  on 
everyone  by  well,  everyone.  We  simply  don’t 
know  who  knows  the  “truth,”  and  we’re  still 
living  a  lot  of  lies  in  our  industry. 

Nevertheless,  there  are  six  truths  about  our  industry,  and  the  sooner 
we  acknowledge  them,  the  faster  we  can  get  back  on  track: 

•  All  the  rules  for  projecting  sales  have  gone  out  the  window.  Internal 
projection  processes  were  built  during  times  when  you  could  project. 
People  have  to  start  thinking  of  future  projections  as  a  series  of  poten¬ 
tial  outcomes  and  not  the  expected  outcome. What  happens  if  the  tele¬ 
com  industry  has  another  really  big  downturn?  What  happens  if  your 
company  simply  does  not  meet  internal  goals  by  20%?  By  40%? 

•  Now  more  than  ever,  we’re  in  “rob  Peter  to  pay  Paul”  mode.  Budgets 
being  what  they  are,  if  you’ve  got  an  emergency  on  one  side  of  the 
network, you  “find”the  money  While  that’s  always  been  the  case, in  the 
past  you  had  special  project  budgets  to  pull  money  from. These  days, 
it’s  not  uncommon  that  there  are  no  special  projects  funded,  and  so 
hidden  slush  funds  can’t  be  dipped  into. 

•  I’m  constantly  asked, “When  will  capital  expenditure  spending  re 
turn?”The  fact  is, it  never  stopped.The  typical  telephone  company  has 
a  long  list  of  capital  spending  that  is  matched  with  available  funds, 
with  a  moving  cutoff  of  what  gets  funded.  If  demand  is  high  for  one 
service,  expect  spending  in  that  area  to  continue;  if  not,  it  won’t. 
Vendors  should  be  asking, “What  more  can  we  do  to  prove  that  our 
products  will  drive  better  results  to  the  bottom  line, sooner,  than  other 
items  on  the  telcos’  lists?”  We  call  this  “market  acceleration,”  and  any 
firm  not  focused  on  market  acceleration  activities  is  going  to  be  spin¬ 
ning  its  wheels. Video  on  demand  is  a  good  example  of  a  technology 
that  has  been  marketed  proactively  to  the  telcos. 


The  truth  will  set  us  free 


•  Revenues  are  not  reliable. Whether  it’s  your  revenue  or  that  of  your 
customers,  you  can’t  count  on  steady  and  stable  growth.  I  got  into 
a  heated  exchange  with  one  equipment  vendor’s  board  of  directors 
about  the  stability  of  the  regional  Bell  operating  companies’  revenues 
regarding  their  new  bundling  initiatives.  My  take  is  that  bundling  his¬ 
torically  favors  those  instances  where  the  value  proposition  of  the 
bundle  substantially  exceeds  the  individual  parts.  However,  if  you  take 
four  or  five  generic  services,  and  bundle  them  together  and  discount 
the  bundle  —  and  everyone  else  does  the  same  —  then  all  you  have 
done  is  create  another  generic  offering.  Just  because  new  products 
are  available  does  not  mean  they  will  sell. 

•  Don’t  confuse  the  natural  evolution  of  products  or  services  with 
strategy.  People  say  that  the  lower  DSL  prices  mark  some  strategic 
stroke  of  genius.  Prices  decline  with  deployment  in  every  services 
group. Yes,  more  customers  will  sign  up,  but  the  existing  customers  get 
a  price  break,  too.  Cable  will  respond  in  kind,  as  will  alternative  ser¬ 
vice  categories.This  is  the  natural  evolution  of  services. 

•  Those  who  differentiate  themselves  will  get  sales.  The  areas  of 
growth  in  the  industry  are  subject  now  to  massive  herding.  Each  day 
someone  is  launching  a  new  multiservice  capability  or  some  SONET 
enhancer.  Everyone  is  starting  to  look  the  same  again.  Dare  to  be  dif¬ 
ferent.  Figure  out  your  unique  strengths,  build  market  acceleration 
tools  to  support  them,  and  communicate  them  concisely. Think  you 
already  are  doing  this?  Recheck.  If  you  can  substitute  a  competitor’s 
name  on  your  slides  and  have  it  sound  the  same,  you’re  not  unique. 

The  industry  needs  to  get  back  to  selling  on  its  merits, selling  where 
it  belongs,  selling  what  it  has  now  and  working  to  rebuild  a  sense  of 
reasonable  expectations  in  the  market.  People  have  said  this  over  and 
over,  but  I’m  just  not  sure  it’s  sinking  in. 


The  industry 
needs  to  get  back 
to  selling  on  its 
merits,  working 
to  rebuild  a 
sense  of  reason¬ 
able  expectations 
in  the  market. 


Briere  is  CEO  of  TeleChoice,  a  market  strategy  consultancy  for  the 
telecom  industry.  He  can  be  reached  at  telecomcatalyst@ 
telechoice.com. 


Today's  world  requires  secure  control,  access  and  sup¬ 
port  of  all  of  your  PCs  and  servers  -  no  matter  where 
you  are  -  or  where  they  are.  NetOp  offers  an  enterprise- 
tested  solution  which  saves  you  time  and  money  by 
enabling  IT  professionals  to  safely  control,  maintain 
and  fix  distant  PCs  via  the  Internet,  WANs,  VPNs,  or 
wireless  connections.  Reduce  travel,  fix  more  problems 
faster  and  make  your  entire  organization  more  produc¬ 
tive  with  just  one  product. 

Only  NetOp  offers  safe  access  to  all  your  Windows, 
Linux,  CE  based  handhelds  and  even  legacy  DOS  and 
OS/2  systems.  NetOp  provides  bullet-proof  security 
though  our  optional  Security  and  Gateway  Server  mod¬ 
ules,  multiple  password  protection  and  full  256-bit 
encryption.  You  can  even  deploy  NetOp  modules 
throughout  your  network  quickly,  easily  and  securely 
with  NetOp's  Deployment  Utility.  So  if  you  need  an 
award-winning  solution  for  supporting  users,  PCs,  dis¬ 
tant  offices  and  servers  —  no  matter  where,  or  what, 
they  are  —  take  NetOp  for  a  free  test  flight. 


REAL  SECURE 

NetOp  offers  a  wide  range 
of  variable  security  features. 
The  program  supports  every¬ 
thing  from  individualized 
passwords  and  user  rights 
to  fully  centralized  security 
management,  automated 
timeouts,  256-bit  encryption 
and  session  recording. 


REAL  CROSS-PLATFORM 

Designed  as  a  one-stop 
remote  control  software 
solution,  NetOp  supports  15 
commonly  used  platforms 
including  all  Windows  sys¬ 
tems,  Windows  CE  and 
Symbian  handhelds,  Linux, 
Solaris  and  even  browser 
based  control. 


REAL  SCALEABLE 

Besides  enterprise-wide 
security  options,  NetOp 
gives  you  a  one-click 
Inventory  of  the  distant  PC's 
software  and  hardware, 
deployment  options  for  easy 
integration,  file  transfer  and 
synchronizing,  instant  mes¬ 
saging  and  much  more. 


FREE 

Download  a 
full-function 
evaluation  copy  at 
www.NetOpUSA.com 


OVERALL 
RATING  EDITORS’ 
★★★★★  ‘CHOICE* 


GSA 


CrossTec  Corporation 

Tel:  800-675-0729 
Email:  info@CrossTecCorp.com 
Web:  www.NetOpUSA.com 


Remote  Control 


Moving  expertise  —  not  people’ 


NetOp  and  the  red  kite  are  registered  trademarks  of  Danware  Data  A/S. 
Other  brand  and  product  names  are  trademarks  of  their  respective 
holders.  2003  Copyright  Danware  Data  A/S.  All  rights  reserved. 
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help  desk  worker  at  a  large  company  fields  the 
next  in  a  never-ending  rush  of  calls  from  another 
breathless,  overwrought  employee.The  caller  is 
desperate  for  his  e-mail  and  network  passwords, 
which  he  claims  to  have  forgotten. The  staffer 
gives  in  and  hands  over  the  goods  —  worn  down 
by  tales  of  the  rotten  day  the  employee  is  having. 

I  laving  tricked  the  help  desk  staffer,  the  intruder  proceeds  to  waltz  through  the  com¬ 
pany's  firewall  and  wreak  havoc. 

Giving  out  sensitive  data  to  people  without  first  authenticating  their  identity  and 
access  privileges  is  one  of  the  most  common  and  worst  mistakes  employees  can  make. 
Allowing  a  stranger  inside  an  organization  without  authorization  is  yet  another  exam¬ 
ple  of  a  broken  link  in  the  human  firewall  chain. 

According  to  an  example  the  International  Organization  for  Standardization  cites,  a 
former  contract  programmer  at  a  financial  institution  easily  got  past  security  because 
guards  simply  recognized  him  and  waved  him  in.  Once  inside,  he  posed  as  a  computer 
consultant  doing  an  audit  and  interrogated  an  employee,  who  believed  he  was  sup¬ 
posed  to  provide  the  data  that  was  demanded. 

This  con  tricked  another  employee  into  verifying  information  that  he  eventually  used 
to  transfer  SI 0.2  million  from  the  company’s  bank  to  a  Swiss  account. The  thief  couldn’t 
have  committed  his  crime  without  the  unwitting  complicity  of  at  least  three  employees 
who  breached  security  by  allowing  him  into  the  building  and  giving  him  network  and 
database  access. 

According  to  a  Computer  Security  Institute/FBI  study  of  more  than  500  U.S. security 
managers.  90".  say  they  suffered  breaches  in  2001. The  most  serious  financial  losses 
occurred  through  theft  of  proprietary'  information  and  financial  fraud,  crimes  asso¬ 
ciated  with  breaches  in  corporate  security  policies  and  weaknesses  in  human 
firewalis.The  survey  adds  that  50%  of  the  attacks  came  from  employees,  includ¬ 
ing  contractors,  working  inside  organizations. 

Warren  Moore, senior  director  of  information  security  at  Convergys  in 
Cincinnati, says, “With  human  firewalling  . . .  really  what  you’re  talking  about  is 
changing  corporate  cultures.  People  want  to  be  helpful,  but  that’s  the  way 
intruders  can  get  inside. You  need  to  establish  policies  and  educate 
employees.” 

But  according  to  the  Human  Firewall  Council,  an  international  organiza¬ 
tion  founded  in  2001  to  help  security  directors  define  policies,  far  too 
many  organizations  are  neither  training  their  employees  to  prevent 
breaches  nor  investing  strategically  in  security. 

In  a  study  published  in  February,  the  council  analyzed  responses 
from  more  than  1,000  organizations  and  found  that  eight  of  10  sur¬ 
vey  respondents  had  not  implemented  even  minimal  security  man¬ 
agement  practices. 

Even  in  industries  such  as  financial  services  and  healthcare,  and  government 
agencies,  where  security'  practices  are  federally  mandated,  little  more  than  half 
of  surveyed  organizations  had  defined  security  management  practices. 


Security  directors  agree  that  technology  is  only  one  line  of  defense  against  hackers. 
They  say  establishing  policies  and  following  through  with  training  and  education  are 
just  as  important  as  investing  in  antivirus  software,  firewalls  and  VPNs. 

Edward  Liebig,  director  of  IT  security  of  Manulife  Annuities  in  Boston,  recommends 
that  companies  cover  general  security  guidelines  with  all  new  hires  and  conduct  annual 
checks  to  make  sure  employees  know  the  policies. 

Untrained  and/or  exasperated  receptionists, security  guards,  tech  support,  customer  ser¬ 
vice  and  help  desk  staff  are  particularly  vulnerable,  especially  if  they  are  not  aware  of 
security  policies.  And  opportunistic  black  hats  have  a  good  idea  of  where  to  look  for  the 
data  they  need  and  who  to  target  because  many  are  either  current  or  former  employees. 


War  mumbling 

Thieves  who  use  trickery  to  infiltrate  a  corporate  network  are  always  coming  up  with 
new  techniques.  One  new  approach  is  war  mumbling,  not  to  be  confused  with  war  dial¬ 
ing  and  war  driving,  which  are  ways  of  hacking  into  networks  by  calling  numbers  until 
one  hits  a  modem, and  driving  through  known  hot  spots  until  you  get  on  an  insecure 
802. 1 1  network. 

War  mumbling  involves  calling  multiple  customer  service  representatives  and  speak¬ 
ing  with  a  very  thick  accent  or  mumbling  incoherently  in  response  to  ID  authentication 
questions  until  one  of  them  gives  up  password  data  out  of  frustration. 

Robert  Richardson,  the  Computer  Security  Institute’s  editorial  director,  says  the  ways 
to  combat  war  mumbling  are  “training  combined  with  technology  He  says  voice  recog¬ 
nition  technology  can  be  used  to  require  a  caller  to  repeat  a  series  of  random  numbers 
that  are  matched  to  a  voice  print  so  that  intruders  can’t  anticipate  a  pattern  or  trick  the 
system,  he  says. 


Changing  corporate  culture,  but  how  much? 

To  limit  the  damage  done  by  intruders,  Bruce  Schneier,  CTO  and  founder  of  Counter¬ 
pane,  a  security  and  network  monitoring  firm, says  security  directors  should  work  with 
human  resources,  department  managers  and  top  executives  to  decide  how  much 
data  access  each  employee  should  get.This  approach  limits  the  information  such 
intruders  can  trick  out  of  a  single  weak  link  and  make  hacking  more  difficult. 

“You  can  limit  the  amount  of  access  [an  employee  has]  to  sensitive  data  to  the 
bare  minimum  —  giving  customer  service  reps  or  even  system  admins  less  access 
to  data,  like  credit  card  information,  financial  records  and  passwords,” 
Schneier  says.This  makes  the  organization  more  secure,  but  it  also 
makes  the  organization  less  flexible.” 

Liebig  agrees  that  “any  security  officer  worth  his  salt  will  write  policy 
that  is  absolutely ‘by  the  book’  best  practice,  and  it  is  up  to  upper  man¬ 
agement  if  they  wish  to  operate  in  that  manner.” 

He  says, “Policy  setting  is  a  give-and-take  between  business  and  security 
Organizations  have  to  weigh  the  risks  of  exposure  against  how  they  want  to 
run  their  operations.” 

Schneier  adds, “The  reason  that  this  [security  policy  compliance]  is  so  hard 
is  that  it’s  not  a  technical  problem,  it’s  a  human  nature  problem.  Remember, 
amateurs  hack  systems;  professionals  hack  people.” 

Christopher  is  a  freelancer  writer  in  San  Francisco.  She  can  be  reached  at 
abby_c_christopher@yahoo.com. 


•  Do  make  security  part  of  everyone’s  job  and 
part  of  the  culture. 

•  Do  write,  publicize  and  enforce  security  policies 
and  procedures  using  the  ISO  17799  standard 

as  a  guide. 

•  Do  make  sure  that  authentication  procedures 
are  well  established  and  practiced  throughout 
the  organization. 

•  Do  develop  questionnaires  to  measure  knowl¬ 
edge  and  understanding  of  policies. 

•  Do  create  incidence-response  teams  that  can 
act  when  security  breaches  occur. 

•  Do  work  to  obtain  adequate  funding  —  demon¬ 
strate  to  management  that  investing  in  security 
is  the  cost  of  doing  business. 

•  Do  penalize  employees  who  don’t  learn  and 
adhere  to  penalties. 

•  Do  change  passwords  regularly. 


Be  a  human  firewall! 


Become  a  security  superhero  to  your  organization  by  following  these  do’s  and  don’ts: 


•  Don't  leave  passwords  out  in  the  open  or  use 
easily  crackable  passwords. 

•  Don’t  delay  putting  patches  on  software. 

•  Don’t  open  e-mails  if  you  don’t  know  where 
they  come  from. 

•  Don’t  reveal  sensitive  information  by  carelessly 
talking  in  public,  such  as  having  a  cell  phone 
conversation  while  on  an  airport  shuttle. 

•  Don’t  leave  computers  running  all  night. 

•  Don't  take  laptops  loaded  with  sensitive  mate¬ 
rial  on  the  road  unless  you  have  security  in 
place  that  protects  data  in  case  of  theft. 

•  Don’t  connect  to  the  Internet  without  firewalls. 

•  Don’t  allow  access  to  employees  after  they 
leave  the  organization. 

•  Don’t  forget  to  require  that  traveling 
employees  use  VPN  software. 
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drives  down 
EDS  tool. 


The  E-vis  software  tool  lets  engineers  colla¬ 
borate  in  real  time  with  suppliers,  replacing 
weekly  travel.  Suppliers  are  connected  to  the 
GM  network  over  a  VPN  and  a  private  ATM 
network.  Messages  are  encapsulated  using  SOAP. 


Supplier 
Chatham.  Ontario 


Engineering 

design 


Corporate  firewall 
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E-vis 

GM  engineer 
Detroit 


Engineering 

design 


Supplier 
Juarez.  Mexico 


Engineering 

design 


General  Motors  is  bring¬ 
ing  new  vehicles  to  mar¬ 
ket  faster  with  help  from 
E-vis,  a  real-time  visuali¬ 
zation  and  collaboration 
tool  based  on  Microsoft’s 
.Net  implementation  of 
Web  services. 


Kirk  Gutmann,  GM’s  global  prod¬ 
uct  development  information  offi¬ 
cer,  laughingly  admits  that  he  took 
Iyer”  when  he  made  an  early  commitment  to  .Net  and 
b  services.  But  it’s  a  gamble  that  seems  to  be  generating 
jressive  gains.  As  a  result  of  its  new  emphasis  on  real- 
e  collaboration  (of  which  E-vis  from  Electronic  Data 
terns  [EDS]  is  a  linchpin), GM’s  new-vehicle  engineer- 
times  have  dipped  as  low  as  18  months  from  the  previ- 
;  average  of  40.  Assembly-line  defects  have  dropped 
d,GM  says,  and  inventory  costs  have  dropped  20%. 
ow  does  it  work?  An  engineer  at  GM’s  Powertrain  divi- 
changes  the  cylinder  head  of  the  company’s  Ecotec 
■liter  engine  to  improve  oil  flow. The  change  is  minor, 

:  because  the  engine  is  GM’s  first  genuinely  global 
>rt,  valve-train  suppliers  in  North  and  South  America, 
•ope  and  Asia  must  be  kept  in  the  loop. 

Bviouslyan  event  like  this  would  have  launched  a  flur- 
)f  e-mail  messages,  phone  calls  and  face-to-face  meet- 
s;  chances  are, several  suppliers  would  have  sent  repre- 
tatives  to  Detroit.  But  with  E-vis  4.0,  the  Powertrain 
;ineer  can  send  the  pertinent  Unigraphics  CAD/CAM 
to  all  parties  that  need  to  see  it.  Even  if  they  lack  a 
h-end  Unigraphics  system,  suppliers  can  view  the  data 
a  PC,  make  any  changes  needed  to  their  valves  and 
re  the  updated  information  with  GM. 
utting  product  development  time  is  key,  says  Kevin 
'Uty  research  director  for  automotive  strategies  at  AMR 
earch.  Automakers  have  a  shrinking  window  in  which 
neet  consumer  demand  for  low-production,  high-profit 
ides,  such  as  Chevrolet’s  new  SSR  hot-rod  pickup, 
n  a  wayGM  is  betting  the  company”  on  product  lifecy- 
management  (PLM)  tools  from  EDS. The  core  of  the 
'duct  development  process  is  a  company’s  engineers 
the  tools  they  use;  E-vis  is  a  way  for  GM  to  inexpen- 
Jy  extend  that  process  out  to  partners,  he  says. 

ground  floor 

Tien  you’re  evaluating  products,  it  never  hurts  to  be 
Fortune  One,  as  GM  workers  proudly  call  their 
ployer.  In  January  2001 ,  Gutmann  met  with  Microsoft 
3  Steve  Ballmer  for  a  debriefing  on  .Net.  Gutmann 
n  contacted  Charles  Grindstaff,  product  president  for 
PLM  division.  EDS,  which  was  in  the  process  of 
imping  its  visualization  and  collaboration  tool,  has 
m  the  writing  on  the  wall,"  Grindstaff  says,  and  it 
lied  Web  services.“We  wanted  to  work  more  on 
dication  functionality  as  opposed  to  being  in  the 
mbing  business.” 

Tiile  developing  E-vis  4.0,  EDS  PLM  worked  closely 
GM  on  workflow,  features  and  implementation 
les,  Grindstaff  says.  It  was  a  good  test  because  GM 
rs  are  spread  around  the  world  with  suppliers  rang- 
from  large  companies  to  mom-and-pop  operations, 
om  early  2001  until  late  2002,  GM  used  an  earlier  ver- 
of  E-vis.  Late  last  year,  the  company  moved  to  Web 
/ices-enabled  4.0  running  on  a  prerelease  version  of 


Microsoft  Windows  Server  2003.  GM  intends  will  com¬ 
plete  the  move  to  E-vis  4.0  and  Win  2003  this  month 

Gutmann's  team  decided  real-time  communications 
could  be  improved  through  such  measures  as  instant 
messaging, but  that  swapping  CAD/CAM  files  was  an  unre¬ 
alistic  goal  for  the  automaker’s  smaller  Tier  2  and  Tier  3 
partners.“lf  you're  a  large, strategic  supplier, you  re  already 
using  GM’s  CAD/CAM  system.”  AMR’s  Prouty  says.The 
problem  is  smaller  companies,  many  with  no  IT  organiza¬ 
tion.  E-vis  lets  them  communicate  with  GM.too.” 

It  does  this  by  building  on  the  .IT  format,  a  de  facto 
industry  standard  for  sharing  and  visualizing  lightweight 
data.  E-vis  lets  users  visualize  .IT  data  on  anything  from  a 
PC  to  an  immersive  virtual-reality  environment. 

To  allow  for  data-sharing  across  such  a  range  of  hard¬ 
ware,  E-vis  4.0  makes  use  of  the  protocols  that  underlie 
Web  services,  such  as  Simple  Object  Access  Protocol 
(SOAP)  for  message  encapsulation;  Universal  Description, 
Discovery  and  Integration  registries;  and  languages  XML 
and  Web  Services  Description  Language. 

The  automaker's  Powertrain  division  has  a  supplier  with 
facilities  in  both  Chatham,  Ontario,  and  Juarez,  Mexico. 
Previously  Powertrain  engineers  “would  drive  [from 
Detroit]  to  Canada  every  other  week  to  go  through  speci¬ 
fications  and  check  parts  for  interferences,”  says  Diane 
Jurgens,  GM’s  director  of  global  CAD  collaboration  and 
visualization  systems.  At  least  a  couple  of  team  members 
would  fly  to  Juarez  “at  least  once  a  month,” she  says. 

Now  the  supplier  has  downloaded  E-vis  4.0  at  both  facil¬ 
ities,  and  that  travel  has  nearly  vanished.  GM  Powertrain 
engineers  and  supplier  representatives  all  can  view  GM’s 
Unigraphics  data  in  real  time.  On  the  Microsoft  client  side, 
XML  and  SOAP  are  used  (for  Unix  workstations, Sun’s 
SunForum  data  collaboration  tools).TheT.120  videocon¬ 
ferencing  data  collaboration  standards  are  used  for  con¬ 
ference  control. 

Jurgens  says  all  parties  simply  could  e-mail  files  back 
and  forth,  but  they  would  lose  the  real-time  effect;  the 
files  tend  to  be  massive;  and  “e-mail’s  not  sufficiently 
secure,”  whereas  E-vis  4.0  makes  use  of  the  Secure  HTTP 

The  bottom  line  is  that  engineers  in  three  nations  in 
North  America  routinely  can  discuss  and  change  Uni¬ 
graphics  design  specifications  in  real  time. 

The  automotive  giant  also  is  developing  a  dealer-facing 
program  that  relies  on  the  Microsoft  technology Thilo 
Koslowski.an  automotive  analyst  at  Gartner, says, “GM  is 
working  on  a  .Net-based  portal  for  their  dealer  network.” 
The  portal,  called  DealerWeb.will  give  the  company’s 
14,000  dealerships  access  to  a  variety  of  applications, 
such  as  online  auctions. 

Gutmann  is  taking  Web  services  one  step  at  a  time; 
“We’ll  explore  [.Net-  and  Web  services-related]  opportu¬ 
nities  as  they  make  sense,"  he  says.“They’ve  got  to  add 
value,  and  you’re  going  to  need  the  right  security  model 
in  place.”  He  says  much  of  the  company’s  implementa¬ 
tion  work  focused  on  the  design  of  security  services  — 
data  sharing,  authentication  and  what  Gutmann  calls  a 
demilitarized  zone,  accessible  to  all  parties. 

Analysts  say  that  within  GM,  culture  and  complexity 
might  prove  to  be  the  twin  enemies  of  E-vis.  Despite  de¬ 
cades  of  technological  advance,  face-to-face  collabora¬ 
tion  remains  the  norm  in  the  automotive  industry  That's 
partly  because  of  tradition, -but  it’s  also  a  practical  necessi¬ 
ty  in  many  cases. 

“You’ve  got  thousands  of  suppliers’  products  in  any 
one  car,”  Koslowski  says.’There’s  a  real  learning  curve 
when  you’re  trying  to  make  sure  all  the  right  people  are 
collaborating  online.” 

Nevertheless,  real-time  collaboration  appears  to  be  the 
inevitable  wave  in  manufacturing,  and  GM  is  merging 
into  the  fast  lane. 

Ulfelder  is  a  freelance  writer  in  Southborough.  Mass.  He 
can  be  reached  at  sulfelder@charter.net. 


Complimentary  Event  for  Qualified  Attendees! 


Is  your  voice  over  IP  network  in  place?  Finally  up  and  running?  Now  the  ques¬ 
tions  start  and  the  real  work  begins.  Are  you  on  track  to  realize  the  power 
and  profits  of  a  converged  network?  Do  you  have  the  answers,  expertise,  and 
solutions  you  need  to  deliver  on  the  promise  of  your  deployment?  Join  us  at 
the  Network  World  Technology  Tour  Voice  Over  IP:  Maximizing  the  Impact  of 
Your  Rollout.  Learn  how  to  tackle  the  technical,  organizational  and  accounting 
requirements  that  position  you  to  meet,  indeed  exceed,  the  "day-two"  demands 
and  expectations  of  users  and  management  alike.  At  this  watershed  event  you'll 
compare  experiences,  establish  benchmarks,  and  gain  clarity  with  colleagues 
who  -  like  you  -  bridged  the  voice/data  gap,  defined  the  future  of  networks, 
and  now  lead  the  voice  over  IP  revolution. 

Advance  Reservation  is  Required  for  Complimentary  Attendance 

REGISTER  NOW! 

Online  at  www.nwfusion.com/events/voip2 
or  call  1-800-643-4668 


Practical  intelligence  &  takeaways: 

■  Cost,  quality  and  savings  benchmarks 

s  Training  programs  for  in-house  staff 
to  support  VoIP  deployments 

*  Industry  "best  practices"  performed 
within  other  IT  organizations 

»  Key  strategies  that  capture  both 
tangible  and  intangible  ROI 

«*  Tighter,  faster  integration  of  voice 
messaging  enterprisewide 

«  Comparative  evaluations  of 

leading-edge  products  and  services 


June  10 

New  fork,  NY 

June  12 

San  Jose,  CA 

June  17 

Philadelphia,  PA 

June  19 

Chicago,  IL 

Crowne  Plaza  Hotel 
Silicon  Valley  Conference  Ctr. 
Doubletree  Hotel 
Hyatt  Regency  O'Hare 
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.  to  A/eivorfc  and  IT  professionals  involved  in  the  evaluation,  purchase  and  implementation  of  voice  over  IP  products  and  services.  Network  World  Events  reserves  the  right  to 

determine  total  audience  and  profile  of  complimentary  attendees.  Paid  registration  is  also  available. 

sponsor  this  Network  World  event  or  if  you  are  interested  in  on-site  training  for  your  company,  contact  Andrea  D'Amato  at  508-490-6520  or  adamato@nww.com. 
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Monday,  June  2 

I .  I 

►  PICK  OF  THE  DAT 
I  3:45  to  5:15  p.m. 

VoIP  in  the  enter¬ 
prise:  Is  it  really  a 
smooth  ride? 

Voice-over-IP  networks 
have  appeal  as  a  possi¬ 
ble  way  to  save  money 
and  streamline  networks, 
and  are  the  main  driver 
for  convergence  in  many 
businesses.  But  what  is 
the  proper  architecture? 
How  do  you  ensure  quali¬ 
ty  of  service?  Is  there 
justification  for  expect¬ 
ing  VoIP  to  yield  more 
productivity  from  work¬ 
ers?  What  is  the  effect 
on  administration  of  cor¬ 
porate  nets?  VoIP  stan¬ 
dards,  architecture,  pre¬ 
deployment  testing,  in- 
service  monitoring  and 
management  for  enter¬ 
prise  VoIP  services  also 
will  be  discussed.  Scott 
Atkinson,  president  of 
ICSI  Consulting 
Services,  will  chair  this 
panel,  leading  Laura 
Thompson,  vice  presi¬ 
dent  of  marketing  for 
Sylantro  Systems,  and 
Alan  Clark,  president  of 
Telchemy. 


8:15  to  9:15  a.m. 

Information  secur¬ 
ity  -  large  enter¬ 
prise  imperatives 
and  solutions 

Never  has  corporate 
network  security  been 
more  of  a  concern, 
prompting  businesses  to 
spend  more  protecting 
their  assets  even  in  the 
face  of  cutbacks.  Indus¬ 
tries  such  as  banking  and 
healthcare  also  are  under 
new  regulations  to  pro¬ 
tect  their  networks  and 
data.  This  session  focuses 
on  steps  the  largest  cor¬ 
porations  are  taking  to 
boost  network  security. 
Hear  from  panelists 
William  Hancock,  chief 
security  officer  for  Cable 
&  Wireless,  and  Chris¬ 
topher  Leach,  CTO  of  IT, 
Bank  One. 


9:30  to  11:15  a.m. 

Enterprise  net¬ 
working  and  ser¬ 
vices:  New  market 
realities  and  busi¬ 
ness  drivers 

Corporations  face  new 
business  demands  that 
require  new  technical 
solutions,  and  new  tech¬ 
nologies  offer  new  busi¬ 
ness  opportunities.  This 
panel  looks  at  these  phe¬ 
nomena  from  the  point  of 
view  of  service  providers, 
vendors  and  corporations 
to  decide  if  it's  time  to 
hunker  down  and  keep 
current  strategies  or  to 
start  over.  Chairman  of 
the  panel  is  Jacob  Jakob- 
son,  president  of  Smart 
Solutions  Consulting.  He 
will  be  joined  by  Eric 
Bruno,  vice  president  of 
Verizon's  Enterprise  Serv¬ 
ices  Group;  Latif  Ladid, 
vice  president  of  Ericsson 
Telebit;  Eugene  Lee,  vice 
president  of  Enterprise 
Marketing  at  Cisco;  and 
Mark  Winther,  vice  presi¬ 
dent  of  worldwide  tele¬ 
com  at  I  DC. 

11:30  a.m.  to  1  p.m. 

Needs  met  and 
missed  for  enter¬ 
prise  users 

This  session  lets  repre¬ 
sentatives  from  two 
areas  blow  off  steam 
about  e-business  and  its 
effect  on  customers, 
internal  organization,  ROI 


O 

uperComm  2003  starts  June  1  in 
Atlanta,  bringing  together  the 
m  W  telecom  industry  at  one  of  its 

1^^^^^  most  challenging  times.  To  help 
steer  service  providers,  their  customers  and 
equipment  manufacturers  through  the  obsta¬ 
cles  that  bankruptcies,  a  difficult  economy  and 
political  uncertainties  have  created,  Super- 
Comm  has  prepared  52  educational  sessions 
divided  into  six  categories:  applications,  ser¬ 
vices  and  content;  broadband  networks  and 
services;  wireless  networks  and  services;  car¬ 
rier  IP  networks  and  services;  network  and 
information  security;  and  optical  networks  and 
services. 

The  show  also  includes  six  full-day  sessions 
on  IP  network  security,  broadband  service 
delivery,  next-generation  optical  networks, 
mobile  IP  and  data  services,  IP  convergence 
and  next-generation  broadband  networks. 

For  those  who  want  to  see  equipment  demon¬ 
strated,  more  than  500  exhibitors  will  display 
their  wares  at  the  Georgia  World  Congress 
Center.  The  floor  opens  at  9  a.m.  Tuesday, 
Wednesday  and  Thursday  of  the  show.  Here 
are  some  highlights. 


More  online! 

Go  to  www.nwfusion.com  for  an 

unabridged  planner.  DocFinder:  6029 


and  other  factors.  It  will 
be  a  reality  check  and  a 
brainstorming  session 
headed  by  Stephanie 
Atkinson,  an  analyst  with 
Frost  &  Sullivan,  with  pan¬ 
elists  Renee  Herr,  direc¬ 
tor  of  telecommunica¬ 
tions  and  chief  network 
officer  for  the  Georgia 
Technology  Authority,  and 
Charles  Gerlach,  execu¬ 
tive  consultant  for  busi¬ 
ness  value  at  IBM. 


2  to  3:30  p.m. 

Storage-area  net¬ 
works:  A  new  ser¬ 
vice  model  for 
enterprise  data 
management 

With  increasing  needs 
for  backing  up  storage  in 
centers  that  can  be  hun¬ 
dreds  of  miles  away,  busi¬ 
nesses  are  turning  to  opti¬ 
cal  SANs.  This  session 
will  consider  how  best  to 
extend  SANs  over  optical 
networks  and  new  regula¬ 
tions  that  are  prompting 
adoption.  Limitations  and 
capabilities  of  storage 
technologies  also  will  be 
discussed.  Philip  Edholm, 
CTO  of  Nortel,  will  chair 
this  session,  which  in¬ 
cludes  Don  Swatik,  vice 
president  of  the  global 
solutions  group  at  EMC; 
Jack  Hunt,  director  of 
storage  marketing  at 
Nortel;  Zeus  Kerravala, 
director  of  e-networks 
and  broadband  access  at 
The  Yankee  Group;  and 


NetworkWorld 


Herbert  Congdon,  global 
fiber  product  manager  for 
Tyco. 

Tuesday,  June  3 


►  PICK  OF  THE  DAY 
9  to  10:30  a.m. 

Is  there  a  business 
case  for  the 
enterprise  Metro 
Ethernet? 

LAN  capacity  has 
increased  100-  to  300-fold 
in  the  last  decade,  while 
metropolitan  networks 
have  seen  only  a  sixteen¬ 
fold  increase.The  result 
is  a  bottleneck.  But  ser¬ 
vice  providers  only 
recently  have  begun  to 
attempt  to  provide  Ether¬ 
net  services  over  native 
Ethernet  transport.  Will 
metropolitan  Ethernet 
break  the  bottleneck  and 
prove  to  be  the  revolu¬ 
tion  in  new  service  deliv¬ 
ery?  Nan  Chen,  president 
of  the  Metro  Ethernet 
Forum,  leads  a  panel  that 
includes  Ralph  Santitoro, 
director  of  network  archi¬ 
tecture,  Nortel;  Craig 
Easley,  director  of  solu¬ 
tions  marketing,  Rivers¬ 
tone  Networks;  Michael 
Kennedy,  co-founder, 
Network  Strategy 
Partners;  and  Robert 
Smith,  senior  director, 
DataTransport  and 
Connectivity,  BellSouth. 


8  to  8:45  a.m. 

Keynote:  "State  of 
the  Telecom 
Industry,"  David 
Dorman,  chairman 
of  the  board  and 
CEO,  AT&T 

Dorman 
how  the  ui 
omy, 
while 
wreaking 
havoc  on 
the  tele¬ 
com 
industry, 
has  not 
changed  the  fundamental 
imperatives  of  the  indus¬ 
try’s  players  —  meeting 
customer  needs.  He'll  talk  I 


ill  discuss 
teady  econ- 


David  Dorman 
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about  how  near-term  customer  goals  and 
incremental  improvements  in  network 
operation  will  lead  to  a  "cybernated  net¬ 
work,"  where  ingrained  intelligence  and 
innovative  use  of  directories  and  Multi-pro¬ 
tocol  Label  Switching  will  foster  a  single, 
self-managing  multiservice  infrastructure. 

10:45  a.m.  to  12:15  p.m. 

innovations  in  e-business:  How 
will  they  shape  the  enterprise 
industry? 

Success  of  e-business  translates  into  the 
success  of  the  enterprise,  yet  e-business 
management  is  rife  with  challenges. 
E-business  attempts  to  integrate  technolo¬ 
gies,  evolving  standards,  collaborations, 
processes  and  business  concerns  across 
national  boundaries  with  differing  business 
laws.  These  speakers,  from  different  busi¬ 
nesses,  regions  and  backgrounds,  will  hash 
out  the  issues  and  resolutions  to  e-busi- 
ness  and  its  role  in  the  enterprise.  Lundy 
Lewis  of  the  University  of  New  Hampshire 
chairs  the  panel,  which  includes  Ming- 
Chien  Shan,  senior  manager,  Enterprise 
Collation  Technologies,  HP  Laboratories; 
Masayoshi  Ejiri,  vice  president  and  chief 
scientist,  Fujitsu;  Cliff  Faurer,  senior  man¬ 


ager,  Telecommunications  Management 
Forum;  and  Pradeep  Ray,  professor, 
University  of  New  South  Wales,  Australia. 

12:15  to  2:15  p.m. 

Luncheon  keynote:  F.  Duane 
Ackerman,  chairman  and  CEO, 
BellSouth 

Ackerman  will  dis¬ 
cuss  strategies  for 
communications  suc¬ 
cess  in  this  age  of 
shrinking  voice  profits, 
curtailed  capital 
spending,  increased 
competition  from 
alternative  service 
providers  and  regulatory 

2:30  to  4  p.m. 

Infrastructure  and  enabling 
technologies 

This  panel  will  discuss  integration  chal¬ 
lenges  and  techniques  for  providing  a  reli¬ 
able,  secure  and  high-performance  service 
across  thousands  of  hot  spots.  But  once 
the  networks  and  back-end  systems  are 


integrated,  issues  in  delivering  and  billing 
for  an  end-to-end  broadband  wireless  ser¬ 
vice  must  be  addressed.  The  moderator  is 
Bob  Panoff,  principal  at  RPM  Strategy. 
Panelists  include  Parham  Momtahan,  vice 
president  of  research  and  development, 
Bridgewater  Systems;  Eugene  Chang,  vice 
president  of  strategic  business  develop¬ 
ment,  Funk  Software;  James  Blakley, 
director,  application  enabling  software, 
Intel;  and  Martin  Suter,  vice  president  of 
business  development,  MeshNetworks. 

Wednesday,  June  4 


►  PICK  OF  THE  DAY 
11  a.m.  to  12:30  p.m. 
Interoperability  of  802.11  with 
other  wireless  networks 

This  International  Engineering 
Consortium  panel  looks  at  key  issues 
surrounding  design  and  use  of  public 
wireless  hot  spots. Topics  include  how  to 
combine  carrier  and  Internet  security  and 
authentication,  managing  a  hot  spot,  how 
to  settle  for  roaming  charges  in  the  802.11 
world  and  new  services.  DosseviTrenou, 
marketing  manager  at  HP,  will  chair  the 


session,  which  includesTimothy  Allwine, 
director  of  VeriSign,  and  Gopal  Dommety, 
senior  technical  leader,  Cisco. 


Thursday,  June  5 

8  to  9  a.m. 

Plenary  panel:  Broadband  appli¬ 
cations  -  driving  the  economic 
recovery 

Vendors  and  service  providers  discuss 
their  techniques  for  facilitating  the  devel¬ 
opment  and  delivery  of  revenue-generating 
broadband  services  and  applications.  This 
panel  provides  a  unique  global  perspective 
on  next-generation  services  that  make 
money  for  corporations,  carriers  and  ven¬ 
dors  alike.  Dennis  Straub,  vice  president  of 
global  business  development,  broadband 
access  products  SBU  at  Thomson,  leads  a 
panel  that  includes  Paul  France,  head  labo¬ 
ratories,  Internet  &  Data  Design  Centre, 
BTexact  Technologies;  Bernard  Debbasch, 
vice  president,  VDSL  products,  Globespan- 
Virata;  Edward  Kennedy,  president,  opera¬ 
tions  and  executive  vice  president,  Tellabs; 
and  Martine  Lapierre,  vice  president  and 
CTO,  Carrier  Networking  Group,  Alcatel. 


F.  Duane 
Ackerman 
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Redline  Launches  T1/E1  Broadband 
Fixed  Wireless  Product  At  SUPERCOMM 

Redline’s  new  AN-30T  system  is  a  non-line- 
of-sight,  broadband  fixed  wireless  product. 
Targeted  on  carriers  and  telcos,  it’s  designed 
to  cut  costs  for  applications  which  include 
wireless  mobility  backhaul,  WISP  data  hotspot 
backhaul  and  enterprise  WAN  connectivity 
(voice  and  data). 

It  joins  the  AN-50  in  Redline’s  growing  product 
portfolio.  Both  systems  function  at  up  to  72 
Mbps  over  the  air  and  support  ranges  beyond 

50  miles. 

Come  visit  us  at  Booth  11526. 
www  r  rJlinecommunications.com 


Remole  Netuvuk  Management 


□  western" 

D  telematic  inc. 


WTI's  NetReach  family  of  remote  site  manage¬ 
ment  products  allows  network  administrators  to 
support  and  manage  network  elements  located 
at  remote  sites.  The  NetReach  product  line 
includes  in-band  and  out-band  console  and  ter¬ 
minal  switches,  remote  reboot  and  power  man¬ 
agement  solutions,  secure  dial-up  rack  mounted 
modems  and  automated  A/B  Fallback  Switches. 


Introducing... 

★  SCM-16 

Secure  Console  Manager 

16  serial  Port  SSH  Console  Manager. 
Multi-session  Telnet,  plus  many  other 
new  features! 

I  PS- 1 5 

★  Internet  Power  Switch 

Control  power  on  any  AC  powered 
Device. ..via  web  browser,  Telnet, 
modem  or  local  terminal! 


See  us  at  Supercomm 
Booth  #23128 


Sign  up  for  any  or  all  of  our  free 
technology  specific  e-mail 
newsletters.  Topics  include: 

■  High  Speed  LANs 

■  Security 

■  Wireless  in  the 
Enterprise 

■  Network/Systems 
Management 

■  Cisco  News  Alert 

■  And  more! 


Sign  up  today  at: 

(www.nwwsubscribe.com/FQC270) 
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The  big-picture  view  on  product  testing 


TESTER'S 

CHOICE 

Joel 

Snyder 


Is  it  possible  that  security  product  re¬ 
views  could  actually  be  bad  for  the  con¬ 
sumer  in  the  long  run?  Interesting  ques¬ 
tion.  By  focusing  on  things  one  can  mea¬ 
sure,  and  bypassing  things  one  can’t,  one 
could  argue  that  product  reviews  might 
encourage  buggy  less  secure  products. 

Most  reviewers  get  a  limited  budget  — 
in  time,  dollars  and  words  —  to  evaluate 
a  security  product.  In  the  space  available, 
they  usually  focus  on  features  and 
performance. 

Reviewers  like  objective  things,  or  nearly 
objective  things.  And  measuring  sessions  or 
bits  or  megahertz  is  pretty  darn  objective. 
So  is  evaluating  features.  Runs  on  Linux,  or 
doesn’t.  Scans  for  viruses,  or  doesn’t.  That’s 
the  kind  of  review  that  is  defensible  and  fits 
in  the  constraints  set  for  all  of  us. 

Let’s  turn  now  to  the  product  manage¬ 
ment  team  at  a  security  vendor. They  also 
have  limited  resources,  such  as  an  engi¬ 
neering  team  that  can  only  do  so  much. 
Because  reviews,  press  releases  and 
product  buzz  are  a  critical  part  of  any 
marketing  plan,  there’s  a  lot  of  incentive 
to  play  to  things  to  excite  people.  Lots  of 
performance.  New  features.  Whiz-bang 
graphical  user  interface  tricks.  So  when  it 
comes  time  to  allocate  engineering 
resources,  product  management  is  going 
to  give  a  higher  priority  to  things  that  help 
sell  the  product  —  and  a  lower  rating  to 
things  that  make  it  more  secure  but  no 
one  can  measure. 

A  concrete  example  is  stateful  packet  fil¬ 
ters.  Cisco,  Check  Fbint,  NetScreen  Technol¬ 
ogies,  SonicWall,WatchGuard  Technologies 
—  all  use  stateful  packet  filters  inside  their 
products.  But  none  explains  how  they  im¬ 
plement  them.  They  have  nice  white 
papers  with  pretty  pictures,  but  if  you  think 
about  exactly  what  it  takes  to  write  a  pack¬ 
et  filter,  there  are  many  subtleties  involved. 

Packet  filters  follow  the  TCP  state  ma¬ 
chine.  The  tighter  the  boundaries  placed 
on  the  state  machine,  the  less  chance  of  a 
rogue  packet  making  it  through.  You  can 
follow  the  state  machine  very  closely  in 
writing  your  filter,  or  be  sloppy  Taking  the 
easy  route  has  a  lot  of  benefits. Your  prod¬ 
uct  runs  faster.  Your  code  is  simpler  and 
easier  to  write,  meaning  less  chance  of 
bugs.  Plus,  because  you  can  hide  behind 
the  veil  of  trade  secrecy,  no  one  will  know. 
Maybe  a  reviewer  will  figure  it  out.  But  it’s 
unlikely 

However, your  firewall  is  less  secure.  Fast, 
but  loose.  Excellent  performance  num- 
bers.great  reviews.  Almost  certainly  no  one 
will  figure  out  the  trade-offs  you  made. 
Probably  no  one  will  find  a  way  to  exploit 
your  sloppiness.  It’s  pretty  sure  that  your 


customers’  networks  will  be  safe. 

On  the  other  hand, maybe  not.  And  if  not, 
it’s  partially  the  reviewer’s  fault.  What  can 
you  do  about  it?  Product  reviews  in  trade 
publications  are  a  great  place  to  start  your 


search  for  product  information.  But  you 
need  to  do  more.  Third-party  certification 
can  help.  And  nothing  substitutes  for  taking 
it  into  your  lab  and  running  tests. 
Remember,  it’s  your  network  on  the  line. 


Snyder  is  a  senior  partner  with  Opus  One, 
a  consulting  firm  in  Tucson,  Ariz.,  and  a 
member  of  the  Network  World  Global  Test 
Alliance.  He  can  be  reached  at  Joel.Snyrler@ 
Opusl.com. 


DO  YOUR 
NETWORK  & 
APPLICATIONS 
GET  ALONG? 

Imagine 

no  compatibility  issues, 
no  conflicts. 


Like  family,  IP-based  enterprise  networks  and  their 
applications  should  rely  on  each  other.  But  living 
under  the  same  roof  doesn't  guarantee  harmony. 
And  that  discord  comes  at  a  high  Cost.  F5  products 
bring  everyone  into  perfect 
agreement  by  creating  a 
virtual  team  out  of  servers, 
applications,  WAN  links, 
data  centers,  security  devices  and  more  to  intelli¬ 
gently  deliver  information  over  any  IP  network. 


When  everyone  is  working  together,  you'll 
achieve  the  high  availability  performance  you 
need,  combined  with  an  efficient,  secure  network 
infrastructure  that  ensures  the  reliable  delivery  of 
Internet  traffic,  applications  or  Web  services — 
all  at  a  cost  you  can  afford. 

Imagine  harmony  that  produces  world-class 
performance.  To  learn  how,  download  our  free 
guide,  "Delivering  secure,  predictable  and  cost- 
effective  applications"  at  www.f5.com/atmnw. 

Or  call  800-916-7152. 
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Avoiding  obsolescence 

Learn  how  to  steer  your  company  through  business  cycles 


BY  BENJAMIN  SHERMAN 


In  IT,  you’re  either  a  manager  or  purveyor  of  obsolescence.  It’s 
all  about  timing. 


Following  economic  recessions,  the  win¬ 
ners  are  those  who  manage  the  loss  of 
intellectual  capital  and  resist  self-perpetu¬ 
ating  specialization, and  learn  to  control, 
consolidate  and  converge  technologies. 

Are  you  a  leader?  Most  are  followers 
who  proliferate  pieces  of  technology 
while  gambling  on  that  piece  getting 
lucky.  Leaders  will  spot  products  out  of 
step  with  the  present  business  cycle  by 
tracking  rate  of  depreciation. They  will 
reject  increasingly  ambiguous  total-cost-of- 
ownership  calculations  and  correct  mis¬ 
alignment  between  business  function  and 
IT  architecture. 

Followers,  on  the  other  hand,  become 
predictable  profit  streams  for  vendors,  reli¬ 
ably  upgrading  at  every  planned  obsoles¬ 
cence.  Buying  into  convenience,  the  fol¬ 
lowers  will  accept  free  customization  of 
their  ERP  and  CRM  systems,  buy  propri¬ 
etary  code  and  readily  accept  consult¬ 
ing/vendor  partnerships. 

Those  who  are  neither  clear  leaders  nor 
followers  probably  can  spot  proprietary 
technology  lock-in  ploys,  but  might  over¬ 
look  the  total  of  all  the  distributed  pur¬ 
chasing  decisions:  too  much  of  everything. 

My  colleagues  and  I  have  learned  to  pre¬ 
dict  success  and  failure  by  comparing  a 
company’s  IT  decision  history  against  a 
benchmark  chart  of  industry  trends.  We 
look  for  synchronicity  between  corporate 
technology  path  and  industry’s  ever- 
changing  curves.  From  mapping  our 
dients'dead  ends  and  obsolescence  rates, 
we  have  derived  five  good  practices: 

1.  ‘Moore’  doesn't  mean  better. 

Moore’s  law  predicts  that  every  couple 
of  years  a  new  generation  of  chip  inevit¬ 
ably  leads  to  new  PCs,  routers  and  minia¬ 
ture  consumer  goods  offered  roughly  at 
the  same  price  but  with  100%  more  power. 
However,  some  leaders  have  rejected  the 
necessity  of  following  Moore’s  Law  with 
their  purchasi :  ig.  For  example, Google  CEO 
Eric  Schmidt  says  the  64-bit  Itanium  pro¬ 
cessor  doesn't  matter  to  his  business.  He 
doesn't  not'd  maximum  power  at  the  high¬ 
er  density  but  rather  maximum  functional¬ 


ity  Schmidt’s  business  is  based  upon  algo¬ 
rithmic  logic.  Google’s  transactional  scale 
model  relies  upon  lots  of  simple,  inexpen¬ 
sive  swappable  boxes,  and  in  the  future, 
perhaps  a  distributed  grid,  not  denser 
chips.  Not  all  business  processes  benefit 
from  the  latest  and  greatest.  Re-engineer¬ 
ing  processes  to  make  sure  they  don’t 
require  Moore  maximizes  ROI. 

2.  Resist  the  compulsion  to  outsource. 

Outsourcing  is  like  sweeping  problems 
under  the  carpet.  Most  large  companies 
outsource  IT  functions  because  they  can¬ 
not  resolve  service  needs  efficiently.  Rather 
than  fixing  the  broken  business  processes 
and  breaking  down  institutional  barriers, 
outsourcing  passes  the  challenge  to  the 
vendors.The  lowest-priced  outsourcer 
quickly  magnifies  inefficiencies  with  larg¬ 
er  and  larger  invoices.  It’s  prudent  to  first 
reduce  the  number  of  vendors  in  an  envi¬ 
ronment,  create  structures  that  audit  busi¬ 
ness  cases, standardize  technology  and 
offer  incentives  for  adoption  of  cost  sav¬ 
ings  through  chargeback. 

3.  Consolidate  with  converging  technology. 

Optimization  often  paves  the  way  for 
higher-level  operations-support-system 
tools  that  integrate  even  the  most  propri¬ 
etary  approaches.  For  example, subdisci¬ 
plines  of  IP  traffic  engineering,  perfor¬ 
mance  management,  network  monitoring, 
load  balancing,  perimeter  security  and 
chargeback  are  converging  into  a  single 
optimized  IP  traffic  management  arena. 
These  products  share  management  infor¬ 
mation  base  or  SNMP  discovery  algo¬ 
rithms.  Alert  thresholds  and  statistical 
methods  can  autoprovision  and  assist  in 
end-to-end  packet  analysis. 

Managers  now  can  roll  their  own  solu¬ 
tions  with  open  source  software,  re-use 
their  old  probes  or  buy  a  single  do-it-all 
box  on-the-cheap.  Finally,  the  rack  and 
shelves  of  redundant  tools  can  be  cleared. 
With  any  luck,  the  department  responsible 
for  monitoring  IP  service-level  agreements 
wasn’t  outsourced  to  the  IP  vendor,  be¬ 
cause  consolidation  and  control  in  the  net¬ 


work  operations 

center  or  data  center  with  IP  tool  conver¬ 
gence  can  help  save  money  through  right- 
sizing  telecom  expenses. 

4.  Cut  interaction  costs. 

Rapid  exchange  of  information  leads  to 
greater  productivity  but  technology  can 
create  an  information-exchange  bottle¬ 
neck.  Some  technologies  require  re 
trained  staff,  and  IT  professionals  might 
perpetuate  obsolete  systems. 

The  more  staff  dedicated  to  slowing 
exchange  of  information  via  content  filter¬ 
ing,  security  policies  and  self-serving 
bureaucratic  procedures,  the  higher  the 
cost  for  every  interaction. 

To  prevent  information  lag,  train  some 
generalists  with  practical,  hands-on  experi¬ 
ence  in  multiple  departments  or  encour¬ 
age  leaders  to  cross-manage  a  number  of 
different  disciplines.  Creative  cross-trained 
individuals  will  predict  coming  trends, 
think  outside  the  cubicle  and  clean  up 
interdivisional  problems  while  speeding 
interactions. 

5.  Look  past  the  Windows. 

If  we  have  learned  anything  from  busi¬ 
ness-continuity  planning  post-Y2K  and 
Sept.  1  hit’s  that  we  can’t  rely  on  physical 
assets  and  soon-to-be-obsolete  operating 
systems. Yet,  Microsoft  is  struggling  to  pro¬ 
liferate  the  desktop  software/  hardware/ 
location  model  as  IBM  tries  to  lure  cus¬ 
tomers  back  to  the  proprietary  central 


ELIZABETH  BRANDT 

mainframe.  Both  paths  perpetuate  flawed 
code,  foster  dependence  and  worse:  Your 
data  might  end  up  in  obsolete  archives 
with  no  functional  readers. 

Interchangeable,  massively  distributed 
but  extensible  architectures  are  likely  the 
next  phase  in  IT  evolutionary  thinking.The 
new  and  best  standards  in  that  arena  are 
open. The  future  of  proprietary  Windows 
on  the  desktop  eventually  must  cede  to 
Internet-based  graphical  user  interfaces 
and  operating  systems.  Mainframe  win¬ 
dows  also  will  cede  to  extensible  and  dis¬ 
tributed  architectures. 

Adhere  to  a  principle  of  proprietary 
Windows  nonproliferation  —  otherwise,  it 
will  fixate  your  architects  and  distract  you 
from  adopting  the  next  global  information 
paradigm. 

Senior  IT  managers  know  change  is  the 
normal  condition,  but  might  not  yet  real¬ 
ize  that  tracking  rates  of  obsolescence, 
slowdown  of  information  interaction  and 
proliferation  of  proprietary  technologies 
will  help  them  fend  off  moves  to  out¬ 
source  their  domains.  Such  a  strategic  real¬ 
ization  defines  the  next  business  cycle’s 
leaders  or  followers;  those  to  be  and  those 
not  to  be  obsolete. 

Sherman  is  a  senior  consultant  at  Green¬ 
wich  Technology  Partners,  a  network  infra¬ 
structure  consulting  and  engineering  firm. 
He  can  be  reached  at  bsherman@ 
greenwichtech.  com. 


KVM  switching  with  local 
and  remote  control 

Advantage:  Avocent 


EASIER  TO  USE 

•  Access  and  control  servers  from  any  location  using  Avocent's 
KVM  OVER  IP™  switching 

•  AVWorks  software  is  included  with  AutoView  1000R/2000R 
switches.  Provides  a  single  interface  to  access  servers  and 
network  devices 

•  User-friendly  interface  lets  you  organize  the  attached  servers.  Use 
logical  naming  conventions  to  group  your  servers  by  type,  site, 
location  or  department.  No  need  to  remember  each  IP  address! 

•  Wizard-based  installation  drastically  reduces  the  time  required  for 
setting  up  similar  technologies 


MORE  ADVANCED  FEATURES 


•  Servers  are  attached  using  intelligent  CAT  5  server  interface 
modules  that  reduce  cable  issues  in  the  rack 

•  Assign  granular  security  permissions  for  each  individual  port 
number  with  Java-based  AVWorks  software 

•  Comprehensive  security  includes  authentication  and  data 
transfers  using  SSL  connections 

•  Supports  DES,  3DES  and  128bit  encryption 


AutoView 
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Call  for  an  Avocent  Authorized  Reseller  near  you 

1  866-286-2368  ext.  3006 


Special  offer  on  these  new  switches:  Download  your  free 
copy  of  Avocent's  Definitive  KVM  Buyer's  Guide  at 
www.avocent.com/guide  or  call  1-866-286-2368  ext.  3006. 

Avocent.  the  Avocent  logo.  AutoView.  AVWorks,  KVM  OVER  IP  and  The  Power  ot  Being  There  are  trademarks  of  Avocent  Corporation.  Copyright  £  2003 

Avocent  Corporation. 


Avocent. 

The  Power  of  Being  There  . 
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On-screen  display  (OSD) 
adjustments 


A  full  size  keyboard  with  1 04  full 
travel  keys  and  integrated  number 
pad 


An  integrated  trackball  to  eliminate  the  need 
for  an  external  mouse 


1024x768  resolution  for 
exceptional  image  quality  for  most 
server  applications 


Active  matrix  TFT  displays  that  emit  less 
heat  and  use  less  than  half  the  power  of 
comparable  CRT  monitors 


Ability  to  connect  to  a  server  or  KVM 
switch  via  a  standard  VGA  connector 

^nter  t0  WIN  a  FREE  APC  LCD  Monitor  today.  A  $2239  value! 

V\s\lhttpy/promo.apc.com  Key  Code  k376y  •  Call  888-289-APCC  x6543  •  Fax  401-788-2797  i 

©2003  American  Power  Conversion  Corporation.  All  Trademarks  are  the  property  of  their  owners.  E-mail:  esupport@apcc.com  •  132  Fairgrounds  Road,  West  Kingston.  Rl  02892  USA  j 


product  carrying  this  mark 
has  been  tested  and  certified  for 
use  with  InfraStruXure'’ 
architecture.  Before  you  buy, 
check  for  the  X  to  guarantee 
product  compatibility. 


APC 

Legendary  Reliability® 

AX2A3EP-US 


satisfied  customers,  ARC'S 
Legendary  Reliability"' 
guarantees  peace  of  mind. 


Introducing  APC's  Rack-mount  LCD  Monitor 

As  floor  space  in  your  IT  environment  becomes  more  expensive  and  difficult  to 
allocate,  you  need  to  utilize  your  rack  enclosure  space  as  efficiently  as  possible. 

A  traditional  CRT  monitor,  monitor  shelf,  keyboard,  and  keyboard  drawer  take  up  to 
13U  of  your  valuable  rack  space.  An  APC  rack-mount  LCD  monitor/keyboard  drawer 
offers  you  the  same  functionality  while  using  only  1 U  (1 .75")  -  leaving  you  with  up  to 
12U  of  valuable  space. 


FEATURES  INCLUDE 


/<T>>  Common 
/TmT\  Criteria 

'TBKEAL4* 

CERTIFIED 


FIREWALL/VPN  APPLIANCES 


For  white  papers  on  Rock  Solid  Security  go  to: 

www  cyberguard.com/rocksolid/nw.cfm 

Phone:  954  958  3878  •  e-mail  info@cyberguard  com 


nOMAI  N 


THOMAS  MAT  ZEN 

Vice  President. 

Head  of  Network  Security 
Commerzbank  AG 

With  assets  of  more  than  $ 420  billion,  Commerzbank, 
based  in  Frankfurt.  Germany,  is  one  of  Europe's  leading 
banks. 

“Information  technology  is  a  key  factor  in  the  financial 
business  and  our  data  is  one  of  the  most  valuable 
assets  we  have. 

“We  first  chose  CyberGuard  in  1997,  not  only  because 
they  are  the  first  vendor  in  the  world  to  achieve  EAL4 
certification  for  their  firewall  appliances,  but  also 
because  we  wanted  a  highly  secure  product  which 
offers  us  a  multilevel  secure  operating  system,  proxy 
abilities  and,  of  course,  high  availability. 

“Today,  CyberGuard  products  protect  all  external 
connections,  including  the  Internet  as  well  as 
connections  with  vendors  such  as  Reuters  and  other 
third  party  networks.  This  infrastructure  is  being  used 
by  some  35,000  users  worldwide,  serving  800  German 
locations  and  over  20  international  locations  across 
four  continents." 


CyberGuard's  security  solutions  are  found  in  Global  2000 
companies  and  governments  worldwide.  CyberGuard's  award- 
winning.  premium  firewallA/PN  appliances  maintain  complete 
separation  of  network  traffic  from  system  components. 


Experience  Counts.  GTA  incorporates 

eight  years  of  firewall  experience  into 
5  new  firewall  appliances  for  the  SME 
market.  With  features  including  VPN 
hardware  acceleration,  high  availability, 
content  filtering  and  gigabit  support, 
GTA  offers  complete  firewall  solutions 
at  a  price  SME  businesses  can  afford. To 
learn  more  about  our  family  of  firewalls 
visit  our  website  or  contact  a  GTA 
channel  partner. 
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N gw  you  can  gain  control  with 
advanced,  remote  power  distribution 

The  space-saving  ARC  MasterSwitch  is  a  perfect  0  "U"  fit  for  networks,  colocation  facilities,  and 
ISPs  -  anywhere  remote  control  of  outlets  is  required. 

Control  power  to  your  valuable  connected  network  devices  using  MasterSwitch's  remote  on/off/reboot 
capability.  Ideal  for  any  situation  where  rebooting  or  power  cycling  is  required  of  equipment  or  “locked-up” 
servers.  The  MasterSwitch  mounts  vertically,  requiring  zero  U  space,  leaving  you  with  more  room  for  your 
network  equipment.  Trust  your  remote  management  needs  to  the  leader  in  power  protection:  APC.  To 
learn  more  today  visit  us  online  at  www.apc.com 

OPTIMIZED  FOR  MANAGEMENT  AND  CONTROL 


•  Wireless  Application  Protocol 

•  Boot-P  support 

•  Accessible  terminal  block  for  hardwire 
capability 

•  Event  configuration 

•  E-mail  notification 

•  Vertical  mounting,  requiring  zero  'll' 
of  space 

•  Remotely  manage  outlets  by  turning 

•  Requires  separate  control 


outlets  on/off  or  rebooting  connected 
equipment 

•  Built-in  Ethernet  interface*  for  direct 
connection  to  the  LAN 

•  MD5  authentication  security 

•  Power-up  sequencing  lets  you  configure 
the  sequence  in  which  power  to  outlets  is 
turned  on  or  turned  off. 


Enter  to  WIN  a  FREE  APC  MasterSwitch"  today. 

Visit  http://promojpc.com  Key  Code  k378y  •  Call  888-289-APCC  x6545  •  Fax  401-788-2797 
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Every  product 
carrying  this  mark 
has  been  tested  and 
certified  for  use  with 
InfraStruXure" 
architecture.  Before 
you  buy,  check  for  the 
X  to  guarantee 
product  compatibility. 


With  over  IS  million 
satisfied  customers,  APC's 
Legendary  Reliability'' 
guarantees  peace  of  mind. 


Legendary  Reliability* 
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UltraLink™ 

■  Connects  to  standalone  computers  or  any  KVM  switch 
*  High  quality  16-bit  video  at  up  to  1280x1024  resolution 


UltraLink  sets  a  new  standard  in  remote  management  of  server  room 

environments.  It  saves  you  money  by  allowing  you  to  centralize  your  IT  Rose  Electronics 
resources.  Since  it  does  not  depend  upon  software  loaded  on  your  10707  Stancliff  Road 

computers,  it  deploys  easily  and  works  on  any  operating  system,  such  Houston,  TX  77099 

as  Windows,  Linux,  Solaris,  Unix,  or  OSX. 


v  Easy  to  install,  give  it  an  IP  address  and  run  the  Viewer 
program,  no  user  license  required 

*  Encrypted  communication  produces  highly  secure  operation 
-  Sea  r,g  and  scrolling  features  for  maximum  flexibility 


The  UltraLink  digitizes  the  remote  computer's  video.  It  then  scales, 
compresses,  encrypts,  and  packetizes  it  into  the  TCP/IP  protocol.  At 
your  PC  the  free  Viewer  application  receives  and  displays  the  video  and 
sends  back  keyboard  and  mouse  data.  This  process  allow  you  to  access 
remote  computers  from  anywhere. 


USA  toll  free 
ROSE  US 
ROSE  Europe 
ROSE  Asia 


800  333  9343 
281  933  7673 
+44  (0)  1264  850574 
+617  3427  5353 


A 


*■  Single  mouse  cursor  simplifies  user  interface 
i  S to;  ■  servers  from  one  screen  with  quad  screen  mode 
■  Lifetime  free  flash  upgrades 


Rose  is  a  leading  manufacturer  of  switching,  extension,  and  access 
products.  As  a  KVM  industry  pioneer,  Rose  is  known  for  its  technically 
superior  and  price  competitive  products. 

Join  the  ranks  of  many  successful  companies  using  UltraLink,  call  Rose 
to  learn  more  about  KVM  Access  over  IP  as  well  as  KVM  Switches  and 
Extenders. 


WWW.ROSE.COM 
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•  Unparalleled  Price  -  offering  the  lowest  cost/MB  available  today 

•  Unmatched  Capacity  -  up  to  8  TB 

•  Performance  -  reach  up  to  240  MB/sec.  sustained  throughput 

•  Connectivity  -  Fibre  Channel  and  SCSI  interfaces  for  increased  flexibility 

•  Interoperability  -  certified  with  all  leading  hardware  and  software  vendors 

•  Ease  of  Integration  -  plug  &  play  with  auto-configuration  gets  you  up  and 
running  quickly 


7i6.sei.iees 

attotech.com/nwwd 


Power  Behind  the  Storage 

RAID  storage  arrays  •  Fibre  Channel  bridges  •  IP  bridges 
•  SCSI  and  Fibre  Channel  host  adapters 
Fibre  Channel  hubs  •  SAI\I  connectivity  software 


ATTD  Technology,  Inc. 
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eb  Based  Power  Swi 


Yes,  you  can  Switch 
Power  over  the  Internet... 


3WTI  -  Internet  Power  Switch  -  Microsoft  Internet  Explo 


J  file  £dfc  View  Favorites  X00*5 


*60  AMPS  MA( 


Web  Browser  Access  for  Easy  Operation 
Telnet  and  Serial  Access 
Encrypted  Password  Security 
Expandable  to  Five  (5)  Individual  Outlets 
Each  Outlet  can  Switch  a  15  Amp  Load 
On  /  Off  /  Reboot  Switching 


Servers,  routers,  and  other  electronic 
equipment  sometimes  “lock-up,” 
often  requiring  a  service  call  to  a 
remote  site  just  to  flip  the  power 
switch  to  perform  a  simple  reboot... 

The  IPS-15  gives  you  the  ability  to 
perform  this  function  from  anywhere! 


INTERNET  POWER  S 


LOCATION:  IPS-15  Live  Demo  Unit 


Plug 

Name 

Status 

On 

on 

Boot 

1 

Serverl 

1  owl 

r 

r 
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2 

Server_2 
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3 

4 

5 

All 

Plugs 


Setup  Logout 


Refresh  |  Apply  |  Cor  cel  | 
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Expandable! 
Using  IPS  Satellite  Units... 


www.wti.com 


(tool  854-7220 
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"Keeping  the  Net.. .Working!" 


There  Is  A  Better  Way  To  Troubleshoot  &  Manage  Your  Network 


Observer® — Quickly  identifies  network 
trouble  spots  and  costs  thousands  less  than 
expensive  hardware-based  analyzers. 
Observer  provides  metrics,  capture,  and 
trending  for  both  shared  and  switched 
environments. 

•  Full  packet  capture  and  decode  for  over 
500  protocols,  including  TCP/IP  (v4  &  v6), 
NetBIOS/NetBEUI,  XolP,  SNA,  SQL,  IPX/SPX, 
Appletalk  and  many,  many  more! 

•  Switched  mode  sees  all  ports  on  a  switch 
gathering  statistics  from  an  entire  switch  or 
capture/statistics  from  any  port(s) 

•  Long-term  network  trending  collects 
statistical  data  for  days,  weeks,  months, 
even  years 

•  Real-time  statistics  include  Top  Talkers, 
Bandwidth,  Protocol  Statistics,  and 
Efficiency  History 

•  Ethernet  (10/100/Gigabit),  Token  Ring, 
FDDI,  and  Wireless  802. 1 1 — no  need  to 
purchase  separate  tools 


•  Windows ®  98/Me/NT/2000/XP  compatible 

•  Over  4,000  frame  types  recognized 

Expert  Observer — Identifies  problems  and 
provides  Expert  information  in' plain  English. 

Includes  all  of  the  features  of  Observer  plus 
real-time  and  post-capture  expert  event 
identification  and  analysis — new  SQL  and 
Frame  Relay  experts  add  to  the  many  other 
protocols  covered,  time  synchronization 
technology,  and  modeling  of  network  traffic. 

Observer  Suite — The  ultimate  tool  for 
the  most  demanding  power  user. 

Provides  a  full  complement  of  tools  that 
includes  all  of  the  features  of  Expert 
Observer  plus  SNMP  management,  RMON 
console/Probe  and  Web  reporting.  Includes 
one  remote  Probe. 

If  you  have  any  network  problems,  find 
out  the  cause  with  Observer,  Expert 
Observer,  or  Observer  Suite. 
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Expert  Observer 

Observer  Suite 

$2895  $ 3995 


Call  800-526-7919  or  visit  us  online  for  a  full-featured  evaluation: 

www.NETWORKINSTRUMENTS.com 

US  (952)  932-9899  •  Fax  (952)  932-9545  •  UK  8  Europe  +44  (0)  1959  569888  •  Fax  +44  (0)  1959  569881 

©2002  Network  Instruments,  LLC.  Observer,  “Network  Instruments”  and  the  "N  with  a  dot”  logo  are  registered  trademarks  of  Network  Instruments,  LLC. 
All  other  trademarks  are  property  of  their  respective  owners. 
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SSH  or  Out-Band  Access  ti 
Consoles  at  Remote  Locations 


■  Secure  Shell  (SSHv2)  Encryption 

■  Simultaneous  SSH  or  Telnet 

■  Non-Connect  Port  Buffering 

■  SYSLOG  Reporting 

■  SNMP  Capability 

■  Any-to-Any  Port  Switching 

■  IP  Security  Features 

■  10/100  Base-T  Ethernet  Port 

■  Port-specific  Password  Protection 

■  Data  Rate  Conversion 

■  1 1 5/230VAC  or  -48VDC  Models 

The  SCM-16  Secure  Console  Management  Switch  provides  in-band  and 
out-of-band  access  to  RS232  console  ports  and  maintenance  ports  on  UNIX 
servers,  routers  and  any  other  network  elements  which  have  a  serial  console 
or  craft  port.  System  administrators  can  access  serial  maintenance  ports 
over  the  network  via  SSH  connections  and  simple  menu-driven  commands, 
or  through  a  discrete  TCP  port  connection  mapped  directly  to  one  of  the  Visit  WBbsitB  for  Complete  NetReSCil™  product  line. 

SCM-16  serial  outputs. 


(800)  854*7226  •  www.wti.com 

5  Sterling  •  Irvine  •  California  92618*2517 
(949)  586-9950  •  Fax:  (949)  583-9514 
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COMPLETE  REMOTE  KVM  CONTROL  VIA  TCP/IP 


CONTROL  KEYBOARD,  VIDEO  AND  MOUSE  REGARDLESS  OF  LOCATION 
With  the  Kaveman  networking  device,  you  can  remotely  control  servers,  either  over 
the  Internet  or  a  local  network,  down  to  the  BIOS  level. 

ACCESS  SERVERS  USING  A  WEB  BROWSER  OR  VNC 

All  you  need  to  operate  Kaveman  is  a  web  browser  or  VNC  on  the  remote  client.  No 
additional  software  is  required.  And  no  software/users  licenses  help  keep  your  costs 
down. 

REMOTELY  CONTROL  POWER 

Through  the  user-friendly  Kaveman  GUI,  you  can  control  the  power  of  up  to  eight 
devices. 

AUTOMATICALLY  MONITOR  SERVER  ACTIVITY 

Kaveman  automatically  monitors  critical  server  vitals  such  as  power,  video,  and 
keyboard  response;  it  alerts  you  to  crashes  and  enables  you  to  quickly  respond  to 
problems. 


Available  in  single,  eight  and  sixteen  channel  versions  www.digitalv6.com  Toll  Free  1-866-922-2333  Resellers  anp  Disitributprs  Wef  ‘ 
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Barcode  scanners 


Hospitality' 


Healthcare 


rocess -Control 


Connect  with  ease! 

RS-232,  RS-422  &  RS-485  serial  connectivity  for  a  wide  variety  of  applications 


Medical 

monitoring 


Rre 

safety 


Modems 


Reclept 

printers 


Cash 

counters 


Card 


Cash 

drawers 


Scales 


Serial  monitors 


readers 
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Call  today  for  a  FREE  30-day  product  evaluation:  1-800-275-3500,  Ext.  615  or  954-746-9000,  Ext.  615 
Email:  sales@equinox.com  -  intlsales@equinox.com.  For  more  information  visit  www.equinox.com 


ESP  Family  of  Serial  Hubs 

Connect  serial  ports  at  the  point  of  need  and 
eliminate  cabling  nightmares.  ESP  Multi-Interface 
models  support  RS-232,  RS-422  and  RS-485 
serial  protocols  for  a  wide  range  of  applications. 


NEW! 


ESP-2  Ml 


ESP-2  Ml  Serial  Hub 

The  ESP-2  Ml  is  a  compact  Multi-Interface,  2-port 
serial  hub  that  provides  versatile  RS-232,  RS-422 
and  RS-485  support  for  industrial/manufacturing 
and  commercial  applications. 


With  Style. 


Now  design  flair,  flexibility  and  comfort  into  your 
data  center  with  NOC  Vision  from  SMC.  Modular 
construction,  numerous  configuration  possibilities, 
multiple  tiers,  accents  in  your  company's  colors 
and  many  other  unique  features  compliment  any 
work  environment.  Create  a  command  bridge 
that's  a  perfect  melding  of  function  and  style. 


Total  Solutions  in  hardware  storage, 
monitoring  and  management 

1-800-SMCPLUS  www.smcplus.com 

100  Progress  Parkway.  PO  Box  431.  Conklin,  NY  13748 


NDC 

Vicinn 


Power  Control 


What’s  Your 
Current’  Load? 


Verify  Amps  Used  per  Circuit 
with  Sentry  Input  Current  Monitor 

•  Precisely  measure  the  current,  in  amps, 
for  each  power  circuit 

•  Prevent  overloads  on  existing  power  circuits 

•  Reduce  costs  for  additional  power  circuits 

•  Overcurrent  alarms 

•  Remote  Measurement  via  IP  or  RS-232 

•  Local  Measurement  via  digital  display 

Sentry  Power  Tower.  Equipment  Cabinet  Solutions. 


Server  Technology,  Inc. 


1040  Sandhill  Drive  Reno,  Nevada  89511  USA 
web:  www.servertech.com  toll  free:  1.800.835.1515 
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order  now:  310-416-1200 

or  visit 

www.ContiComp.com 

We  Specialize  In... 


Make  the  Smart  Choice, 

^  Trust  the  Experts  ™ 

^Continental 

Computers  «-,« 


Cisco  Systems 


Authorized 
Reseller 

These  logos  are  a  trademark  of  their  respective  companies  and  services 


FREE  Gift 
With  Every 
Purchase 


toll  free  800  879  8795 
ph:  + 1  402  575  3000 
fax:  +1  402575  2011 


OptimumDatalnc. 

www.optimumdata.com 


Cisco  •  Paradyne  •  ADTRAN  •  Sun  •  Extreme  Networks 


10/100  Ethernet  LAN  Tester 


(Palm  ml05 
included) 


Design  Engineers: 

Evaluate  &  test  new 
equipment  under 
development 
Network  Engineers: 

Determine  faulty 
NIC  cards,  wiring,  & 
network  equipment 


Displays  network  utilization,  packets 
&  statistics 

Captures  &  generates  various  error 
packets 

Network  load  testing  function 
Full  auto  negotiation  &  DHCP  ready 


Toil  Free  1-866  442  7767 
v\u w  smartronix.com/products 


ROUTERS, 
SWITCHES,  GBICS, 
MODULES,  ADAPTERS, 
SERVERS,  OPTIONS 

BUY  *  SELL 

CISCO  ■  NORTEL 
3COM  ■  FOUNDRY 
EXTREME  ■  JUNIPER 
IBM  ■  LUCENT 
NEW  *  USED 

JE  Components,  Inc 

310  643-6021 

www.jecom.com 

Located  near  LAX  Airport 


ORK  HARDW 
&SERVERS 


Ciici  Swm 


Easy  as 

oeu. 


COMPAQ. 
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Your  #1  Source  -  Since  1990 

770-772-6000 


Advertise  in  the  Marketplace 
and  watch  your  sales  come 
pouring  in! 

Call  Direct  Response  Advertising 

1-800-622-1108 


1  CISCO 


“EXTREME 

*T*  '  '  jSBhrJa 


FIBER  OPTIC 
SOLUTIONS 

•  Tl/El  &  T3/E3  Modems 

•  RS-232/422/485  Modems  and 
Multiplexers 

•  IBM  3270  Coax,  AS4G0  Twinax,  and 
RS6000  Modems  and  Multiplexers 

•  LAN  -  Arcnet/Ethemet/Token  Ring 

•  Video/Audio/Hubs/Repeaters 

•  ISO-900! 


s.i. TECH 


Toll  Free  866-SlTech-l 
630-761-3640,  Fax  630-761-3644 
\vww.sitecb-biuii'iver.a>m 


www  jitecbfiber.com 


Database  Administrator-Coord¬ 
inate  physical  changes  to  com¬ 
puter  databases.  Translate  busi¬ 
ness  logic/requirements  into  E-R 
and  logical  models,  generate 
physical  models  based  on  logi¬ 
cal  design  with  Oracle  8i  specif¬ 
ic  parameters,  and  create  and 
maintain  ERW  in  models  with 
logical/physical  subject  areas 
and  domain  dictionary. 
Document  all  requirements, 
design,  test  scenarios,  code, 
process  and  design  physical 
system/network  architecture  in  a 
clustered/HA  environment. 
Design  and  partition  schemas 
for  performance  and  maintain¬ 
ability,  mentor  team  members  on 
database  standards  and  prac¬ 
tices.  and  also  lead  the  data¬ 
base  team  that  consists  of  DB 
Programmers  and  DBAs.  Use 
knowledge  of  de-regulated  ener¬ 
gy  environment,  implement/ 
maintain  custom-built  applica¬ 
tions.  and  to  migrate  data  for 
new  deployment  efforts.  Use 
Oracle  81,  Oracle  8,  Informix  in 
Sun  Solaris  2.6  platform.  Also 
use  Oracle  Application  tools, 
ERWIN,  PL/SQL.  Monitor  and 
tune  database  performance, 
manage  tablespaces,  rollback 
segments,  redo  logs  and  other 
database  objects.  Use  import, 
export.  SQL'Loader  and  other 
tools  to  load  and  backup  data, 
design  and  extend  database 
schemes,  generate  ER  dia¬ 
grams  and  normalize/de-nor- 
malize  tables.  Requirements 
include  Bachelor's  Degree  or 
equivalent  combination  of  edu¬ 
cation  and  work  experience  in 
Computer  Science.  Math¬ 
ematics.  and  Engineering  disci¬ 
pline  or  related  field  and  five 
years  of  experience  in  job 
offered  or  related  field  of  data¬ 
base  administration/manage¬ 
ment.  Applicants  must  have 
unrestricted  authorization  to 
work  in  the  United  States.  Salary 
$75,000/year.  40  hours/wk. 

Respond  with  two  copies  of 
resume  to  Case  #  200200906, 
Labor  Exchange  Office,  19 
Staniford  St.,  1st  FI.,  Boston,  MA 
02114. 


One-to-One  Service.com.  is  a  vet¬ 
eran  in  the  eCRM  and  contact  cen¬ 
ter  solutions  industry.  We  are  look¬ 
ing  for  the  following  position. 

Senior  Software  Architects 

Architects  large  eCommerce. 
eCRM  applications  using  J2EE  and 
NET  technologies,  implements 
standard  design  patterns  and 
methodologies  using  both  Struc¬ 
tured  and  Object  Oriented,  pro¬ 
cesses  like  UML,  Booch  and  RUP, 
CMM.  Should  have  hands-on  expe- 
nence  on  various  content  manage¬ 
ment  tools.  OLAP  and  EAI  tools 
with  strong  database  skills  on 
Oracle  and  SQL  2000.  Need  at 
least  Bachelor  s  degree  in  Com¬ 
puter  Sciences  or  Engineering  or 
related  and  2  years  of  industry 
experience. 

Send  resume  to:  Human  Resourc¬ 
es,  One-to-One  Service  com,  24  E 
Green  St..  Champaign,  IL  61820. 
E-mail:  jobs@1to1service.com. 


Technical  Support  Specialist  for 
NYC  IT  Co  to  review  &  test 
prgms  w/Systems  Analysts  & 
Hardware  Engrs  to  assure 
prgms  &  h/ware  systems  per¬ 
form  necessary  functions  per 
client  specs  Review  &  test  sys¬ 
tems  integration  w/clients'  exist¬ 
ing  systems.  Assure  clients'  data 
credibility  after  installation  of 
new  systems.  Liaison  w/client  & 
m-bouse  personnel  Test,  eval  & 
update  maintenance  procedures 
for  compatibility  w/new  systems 
Prep'n  of  acctg  &  other  data  like 
petty  cash,  customer  &  vendors 
after  analysis  using  MS-DOS, 
).  FoxPro  for  Win,  MS 
Office/Excel/PowerPoint 
Maintenance  &  troubleshooting. 
Oiploma/Assoc  deg  in  Comp 
Applies  or  equiv  &  2  yrs  exp 
Systec  Infl,  Inc,  350  5th  Ave, 
NY.  NY  10018,  fax  (212) 
290-2889. 

Syst€c@systecusa  com 


Programmer  Analyst.  Work  Sched 
8  30AM-5  30PM  40  hrs/wk 
$86,746  00  P/A  Analyze,  design.  & 
develop  SAP-based  financial  & 
accounting  databases  &  applica¬ 
tions  meeting  corporate  require¬ 
ments  Implement  applications  to 
link  existing  legacy  mainframe  sys¬ 
tems  (GEAC.  SmartStream)  with 
application  software  that  enables 
real-time  internal,  external  &  cross- 
departmental  transactions,  increas¬ 
ing  company  efficiency.  Evaluate, 
define,  redesign  process,  &  ana¬ 
lyze  systems  -  using  DB2,  &  IMS- 
DB.  Analyze,  design,  implement,  & 
support  of  database  for  financial, 
controlling,  &  accounts  payable 
(AP)  systems  &  SAP  interfaces  for 
several  countries  using  mainframe 
systems  based  on  TSO.  CICS  & 
DB2  at  corporate  &  plant  levels 
Analyze,  design,  &  program  using 
multiple  application  development 
tools  including  SAP  Script  & 
ABAP/4  for  SAP  (advanced  report¬ 
ing  &  ABAP  workbench  develop¬ 
ment  tools),  Visual  Basic  5.0  (inter¬ 
face  programming).  Interface  with 
end-users  to  identify  &  analyze  sys¬ 
tem  requirements  &  provide  in- 
depth  applications  support.  Ana¬ 
lyze.  design,  implement  database 
systems  &  perform  data  analysis 
using  Access  2  0,  SQL,  AUTOSYS, 
UNIX  &  multiple  batch  processing 
techniques  (EDI  &  IDOC)  on  main¬ 
frame  &  client  server  based  sys¬ 
tems.  Analysis,  design,  coding, 
testing  of  ABAP/4  programs  for 
SAP  ERP  software  Configure  SAP 
FI-AP  software  module  according 
to  business  requirements.  Respon¬ 
sible  for  AP  reporting,  requirement 
analysis  &  report  development. 
Analyze  &  implement  general  finan¬ 
cial  &  accounting  systems  ledgers 
for  Mexico,  Canada  &  U.S.  Work  in 
technical  environment  including 
Microsoft  Windows  95/98  &  IBM 
RS6000  Unix.  Analyze,  control  & 
implement  activities  related  to  total 
development  &  implementation  of  a 
global  common  designed  SAP  sys¬ 
tem  (an  Enterprise  Resources 
Planning  system)  for  Employer  & 
all  affiliate  &  subsidiary  companies. 
Master  (or  equivalent),  Any  Com¬ 
puter  Science  or  Information  Sys¬ 
tems  Field.  2  Months  exp.  in  Job  or 
Related  Occupation(s)  of  Financial 
Analyst  of  Business  Process  Ana¬ 
lyst.  2  mths.  of  Related  Occupation 
exp.  must  include  creation  of  cus¬ 
tomer  databases,  &  programming 
in  SQL,  which  may  be  concurrent 
with  Related  Occupation  exp. 
Employer  Paid  Ad.  Send  resume  to 
MDCD.  P.O.  Box  11170,  Detroit,  Ml 
48202,  Ref.  No.  210404. 


MIS  Administrator  -  administer  & 
maintain  Windows  NT4  (SP6)  net¬ 
work  that  includes  4  servers  & 
numerous  work  stations;  perform 
hardware  &  software  installation  & 
configuration;  administer  Account¬ 
ing  (MAS90).  Maintenance  (Trans¬ 
man)  and  Phone  (Strata  CS)  sys¬ 
tems;  audit  automated  accounting 
processes;  write  small  in-house  ap¬ 
plications  as  needed;  monitor,  mea¬ 
sure  &  tune  system  performance; 
train  users  on  network  operations  & 
procedures  &  engage  in  trouble¬ 
shooting;  duties  require  knowledge 
of  &  experience  w /  NT4  Network, 
MS  SQL  Server  &  MS  Access  data¬ 
bases.  Visual  Basic,  SQL,  TCP/IP, 
100BaseT  LAN  &  principles  of 
accounting.  Requires  BS  (or  MS)  in 
computer  science,  information  sys¬ 
tems,  business  administration  or 
accounting  plus  4  YRS  exp.  (2YRS 
exp.  with  MS).  Please  email  your 
resume  to  mikewilson@trans 
managegroup.com. 


ATC  Associates,  Wobum,  MA  is 
seeking  a  full-time  Software 
Developer  to  design,  develop 
and  maintain  client-server  /  web 
based  applications,  support 
existing  client-server  and  3-tier 
applications  which  include 
Financials,  Payroll  and  HR  sys¬ 
tems.  Must  have  experience  in 
writing  SQL  code  and  stored 
procedures.  MS  Visual  Studio. 
MS  SQL  Server  and  MS  Access. 
Should  be  familiar  with  financial, 
HR  and  Payroll  applications. 
Must  have  a  Bachelors  Degree 
in  Information  Systems. 
Finance,  Accounting,  or  its 
equivalent  with  at  least  2  years 
of  related  experience  in  software 
development.  To  apply,  please 
e-mail  your  resume  to 
IS-Development@ 
ATCAssociates.com  referenc¬ 
ing  code  SD. 


Senior  Statistical  (“SAS")  Pro¬ 
grammers  /  Analysts  (Pharma¬ 
ceutical)  -  A  global  biotechnology 
company  locally  based  in  the 
Greater  Boston  area,  engaged  in 
the  research,  development,  manu¬ 
facture,  and  marketing  of  prescrip¬ 
tion  drugs,  has  an  immediate  need 
for  two  (2)  highly-skilled.  Senior 
("SAS")  Statistical  Programmers  / 
Analysts  (Pharmaceutical).  The 
responsibilities  of  these  hands-on 
team  leader-level  positions  involve 
the  multi-site  statistical  program¬ 
ming  and  analysis  in  "SAS"  of  inter¬ 
national  Phase  III  clinical  trial  data, 
and  validating  the  results.  Parallel 
responsibilities  include  the  devel¬ 
opment  and  maintenance  of  com¬ 
pany-wide  statistical-programming 
code  and  standard  operating  pro¬ 
cedures  (“SOP"s).  Minimum  edu¬ 
cation  required  is  a  Bachelor’s- 
level  degree  (or  equivalent)  in 
Health  Information  Management, 
Statistics,  or  Computer  Science. 
Minimum  experience  required  is  six 
(6)  years  of  post-degree  pharma¬ 
ceutical  or  biotechnology  industry 
Phase  III  (3)  clinical  and  statistical 
programming  /  analysis  experience 
coding  in  SAS/STAT,  SAS/Macro 
and  SAS/Graph.  Specifically  re¬ 
quired  is  the  demonstrated  ability  to 
combine  non-standard  databases 
across  multiple  clinical  trials  and 
produce  integrated  safety  and  effi¬ 
cacy  analyses.  Also  required  is  the 
demonstrated  ability  to  utilize 
“International  Conference  on 
Harmonisation"  (“ICH")  guidelines 
to  develop  both  conforming  pro¬ 
gramming  SOPs  and  code  mod¬ 
ules.  Additionally  required  is  the 
demonstrated  ability  to  lead  an 
international  (/. e. ,  multiple  sites) 
clinical  data  analysis  team  of  SAS 
programmers  in  the  analysis  of  a 
clinical  trial.  Finally  required  is  the 
demonstrated  ability  to  provide 
input  into  the  data  management 
operational  plan  (e  g..  Case  Report 
Form  specifications,  data  validation 
plans,  database  architecture). 
Base  salary  is  $  86,500.  Benefits 
include  fifteen  (15)  days  paid  vaca¬ 
tion,  medical,  dental,  disability,  life 
insurances,  and  other  industry- 
competitive  benefits.  Qualified 
applicants  respond  with  two  (2) 
copies  of  resume  only  to:  Case  # 
200201182,  Labor  Exchange 
Office,  19  Staniford  Street,  1st 
Floor,  Boston,  MA  02114.  An 
EOE/MFHV. 


SOFTWARE  ENGINEERS: 

Advent  Global  Solutions  one  of  the 
fastest  growing  IT  service  compa¬ 
nies  requires  Software  Engineers 
to  research,  design,  develop  com¬ 
puter  software  systems  and  lead 
new  product  development  projects 
to  timely  completion.  Ability  to  eval¬ 
uate  and  design  SAP  software  is 
required.  Needs  a  Masters  in  CS/ 
MIS  or  any  related  degree  com¬ 
bined  with  1  +  years  experience  or 
Bachelors  with  5  years  experience 
in  designing  and  developing  com¬ 
puter  software  systems.  Please 
send  resumes  to  Advent  Global 
Solutions,  Inc.,  Human  Resources, 
12777  Jones  Road,  Suite  #445, 
Houston,  TX  77070. 

SYSTEMS  ANALYSTS:  Advent 
Global  Solutions  one  of  the  fastest 
growing  IT  service  companies 
requires  Systems  Analysts  to  ana¬ 
lyze,  design  and  develop  opera¬ 
tional  procedures  to  automate  pro¬ 
cessing  and  to  develop  new  sys¬ 
tems  to  improve  production.  Know¬ 
ledge  of  SAP,  Oracle,  and  other 
business  related  software  is  essen¬ 
tial.  Needs  Bachelors  in  Engineer- 
ing/CS  or  in  any  related  field  com¬ 
bined  with  5  years  relevant  experi¬ 
ence  in  designing  and  developing 
computer  software  systems 
Please  send  resumes  to  Advent 
Global  Solutions,  Inc.,  Human 
Resources,  12777  Jones  Road. 
Suite  #445,  Houston,  TX  77070. 


Quality  Assurance  Engineer: 
Analyze,  design,  develop,  test, 
implement,  maintain  client  server 
applications  using  various  data¬ 
bases  on  multiple  environments 
and  platforms  Develop  &  test 
GUI  using  VB,  VC++  and  work 
with  RDBMS  Exp  to  test  PDA  & 
wireless  applications,  e-mail  re¬ 
lated  protocols  Exp  working  on 
Regression,  system,  Integration, 
functional  &  performance  testing. 
Req  BS  in  Comp.  Sd.  Engg/Rel 
field  with  2  yrs  exp.  Wages: 
$60.000/yr,  40  hrs/wk,  9am-5pm 
Send  2  resumes  to:  Case# 
200201883,  Labor  Exchange 
Office.  19  Staniford  St.  1st  FI., 
Boston.  MA  02114 


Prog/Analysts  to  analyze, 
design,  test  client  server/web 
appls  with  OOAD  methodologies 
using  Java,  VB,  EJB,  Servlets, 
JScript.  XML,  HTML,  Oracle. 
SQL,  JDBC,  Access,  Weblogic, 
etc  in  Windows  OS;  analyze 
business  processes, determine 
reqs,  generate  reports;  perform 
onsite/offsite  maintenance;  doc¬ 
ument,  debug,  test,  perform 
code  optimization.  Require:  BS 
or  foreign  equiv.  in  CS/Engg 
(any  branch)  &  2yrs  exp.  in  IT. 
High  salary.  Travel  involved.  F/T. 
Resume  to:  HR,  Bahwan 
Cybertek  Technologies,  Inc., 
209  West  Central  Street,  Ste 
312,  Natick.  MA  01760. 


Systems  Analyst  -  40  hrs  per  wk., 
9AM-5PM,  $60,000  per  yr,  4  yrs 
exp.  in  job  offered  Job  located  in 
Miami,  Florida  33166.  Identify 
needs  of  client.  Design,  develop  and 
implement  programs  for  client. 
Establish  definitions  of  databases, 
user  interfaces  &  report  for  client. 
Analyze  client's  business  require¬ 
ments,  which  must  be  automated 
and  coordinated  with  programming 
equipment.  Investigate  technology 
and  standards  existing  in  market, 
which  can  be  utilized  for  program¬ 
ming  solutions.  Train  programmers 
in  the  use  of  the  equipment.  Works 
with  visual  basic  HTML,  T-SQL,  and 
J  script.  Works  with  Microsoft 
Programming  Technology.  Send 
resume  to  Agency  for  Workforce 
Innovation,  P.O  Box  10869, 
Tallahassee,  FL  32302,  Attn:  EH., 
JOFL  2402699 


Database  Administrator.  (NY,  NY) 
Design  &  administer  database 
solutions.  Perform  all  aspects  of 
Oracle,  NT  &  UNIX  admin,  incl. 
installation,  tuning,  migration, 
space  mgmt,  backup  &  recovery. 
Design  database  solutions  using 
bstat/estat,  PL/SQL  coding,  SQL 
Loader  &  clustering/replication  on 
UNIX/  NT  platform.  Design  & 
implement  UNIX  Shell  &  NT 
batch  scripts/tools.  Coordinate  w/ 
techn  project  mgrs,  PL/SQL  dvl- 
prs  and  DBA  team  to  confirm 
web-feasibility  &  efficiency.  Req 
Master’s  in  Comp.  Sci  or  Comp. 
Appl.  or  foreign  degree  equiv  &  2 
yrs  exp.  in  job  offered.  Send 
resume  to:  HR, 

WeightWatchers.com,  888  7th 
Ave,  8th  FI,  NY,  NY  10106. 


Programmer:  design,  ana¬ 
lyze,  code,  configure,  and 
implement  new  computer 
programs;  perform  unit 
and  system  testing;  pro¬ 
vide  technical  support  and 
assist  in  personnel  train¬ 
ing.  Req.  MS  or  equivalent 
in  CS  or  CIS  with  profi¬ 
ciency  in  Java,  JSP,  SOAP 
and  JINI.  Must  be  Java 
certified.  40hr/wk,  9-5. 
Contact  Adsystech,  Inc.  at 
1990  Lakeside  Parkway 
#170,  Tucker,  GA  30084. 


Seeking  qualified  applicants  for  the 
following  positions  in  Orlando,  FL: 
Senior  Programmer  Analyst,  Form- 
ulate/define  functional  require¬ 
ments  and  documentation  based 
on  accepted  user  criteria.  Require¬ 
ments:  Bachelor's  degree  or  equiv¬ 
alent  in  computer  science,  MIS. 
engineering  or  related  field  plus  5 
years  of  expenence  in  systems/ 
applications  development  Experi¬ 
ence  with  C++,  UNIX  and  Shell 
Scripting  (Unix  Shell  Script  or  Perl 
Script)  also  required.  (Master's 
degree  in  appropnate  field  will  off¬ 
set  2  years  of  general  expenence ) 
Submit  resumes  to  Sibi  George, 
FedEx  Corporate  Services,  1900 
Summit  Tower  Blvd.,  Suite  1400. 
Orlando.  FL  32810.  EOE  M/F/DA/ 


Programmer  Analyst.  Wilmington, 
DE.  Bachelors  in  MIS  or  Comp.  + 
one  year  exp  inDesign,  develop 
and  implement  net  enabled  applica¬ 
tions  utilizing  ASP,  Oracle9i  Appli¬ 
cation  Server,  HTML,  XML.  C.  SQL. 
and  PL/SQL.  for  Windows  95/98/NT 
&  Unix;  design  GUI  using  VB. Power 
Builder,  and  Oracle  Forms,  design, 
development  and  enhancement  of 
the  Electronic  Medical  Records  Ap¬ 
plication  using  Nextgen,  VB. Oracle, 
SQL  Loader  and  TOAD  Implement¬ 
ed  Quality  Standards  using  CMM 
specifications  and  H I PAA  guidelines 
for  Electronic  Medical  Records  Ap¬ 
plication  design  &  develop  RDBMS 
using  Oracle,  SQL  Server,  MS  Acc¬ 
ess  and  generate  reports  using  Cry¬ 
stal  Reports8  and  Oracle  Reports6. 
Respond  to  HR  Dept,  Neotech 
Solutions  Inc.,  1170  Broadway, 
Suite  314,  New  York.  NY  10001. 


Sr.  Software  (Test)  Engineer  -  As 
member  of  software  testing  team, 
test  &  develop  test  automation  soft¬ 
ware.  Participate  in  design  &  code 
reviews.  Write  test  plans  according 
to  system  requirements.  Maintain 
existing  test  plans  &  automated  test 
scripts.  Test  telecommunications 
products.  Support  potential  cust¬ 
omers  during  lab  trials.  BS  in 
Comp.  Sci/.  Eng'g,  Electronics/ 
Electrical  Eng'g  or  equiv.  +  must 
have  3  yrs  exp.  in  job  offered  or  w / 
software  testing  for  the  telecommu¬ 
nications  industry,  including  de¬ 
tailed  knowledge  of  telecommuni¬ 
cation  protocols,  general  telecom¬ 
munications  procedures  &  TCL  pro¬ 
gramming.  40  hours/week;  Salary: 
$98,000/yr.  Send  two  copies  of 
resume  to:  Case  #200201685, 
Labor  Exchange  Office,  19  Stani¬ 
ford  St  1st  FI,  Boston  MA  02114. 


Programmer  Analysts  to  ana¬ 
lyze,  develop,  maintain  software 
appls  using  Oracle  Applications, 
Oracle,  PL/SQL,  Dev  2000,  etc 
under  Windows/UNIX  OS;  con¬ 
duct  functional  testing  and 
debugging;  perform  data  con¬ 
versions,  customize  Forms/ 
Reports  using  Oracle  Applica¬ 
tions  standards;  document, 
maintain  &  update  development 
process.  Require:  BS  or  foreign 
equiv.  in  CS/Engg.  (any  branch) 
or  related  field  &  2yrs  of  exp.  in 
IT.  Travel  involved.  F/T  position. 
Competitive  salary.  Resume  to: 
HR,  Quest  America, Inc.,  211 
East  Ontario  Street,  Suite  1800, 
Chicago,  IL  60611 


Sr.  Software  Engineer  (with 
Bachelors  degree  and  5  years 
experience)  -  West  Chester, 
OH.  Job  entails  and  requires 
experience  in  design  and 
development  of  applications 
using,  Oracle,  Visual  Basic,  12 
Demand  Planner,  PL/SQL, 
Perl  Script  and  Unix. 
Relocation  within  USA  possi¬ 
ble.  Attractive  compensation 
package.  Send  resume  to 
Catherine  Fanucchi,  SDG 
Corporation.  65  Water  Street 
Norwalk,  CT  06854 


Director  of  MIS  &  Technology 
wanted  to  perform  enterprise¬ 
wide  technology  &  info  systms 
implmtn  using  ERP  tools,  plus 
utilize  general  bus  knowl  in  vari¬ 
ous  areas.  Pos  is  loc  in  Houston. 
TX.  Hrs:  M-F  9-5.  Must  have  BS 
(or  equiv)  in  Comp  Sci,  Engg  or 
related  field  +5  yrs  exp  in  posi¬ 
tion  offd,  or  in  related  occupation 
such  as  S/ware  Consultant  or 
Project  Engr  for  info  systms 
dvlpmt  &  implmtn.  Apply  to:  Attn: 
Jackie  Meredith-Batchelor,  P.O. 
Box  8018,  Philadelphia.  PA 
19101-8018 
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Software  Developer  -  Research, 
analyze,  design,  and  develop  com¬ 
puter  software  programs  which 
relate  to  processing  and  encoding 
texts  in  Asian  languages  such  as 
Chinese.  Japanese  and  Korean 
Utilize  statistical  analysis,  cluster¬ 
ing  methods,  text  technology,  data¬ 
base  indexing  and  multimedia  net¬ 
working  Work  in  a  C/C++  and  Unix 
environment.  Must  have  Master's 
or  equivalent  in  CS/Math/Engineer- 
ing  or  related  field  Must  have  1  yr 
exp  in  job  offered  or  in  related  sta¬ 
tistical/textual  info  retrieval  in  acad¬ 
emic.  or  industrial  environ..  Such 
expenence  must  include  !)  statisti¬ 
cal  clustering  methods.  2)  seman¬ 
tics  indexing,  3)  Multimedia  data¬ 
bases  and  networking.  Salary: 
$82.000/yr  Hrs  8:00am-5:00pm.. 
40/wk  Please  send  2  copies  of 
resume  to:  Case  #  200201218, 
Labor  Exchange  Office.  19 
Stamford  St..  Is*  FI.  Boston,  MA 
02114 


Electronic  Content  Developer 

Lead  the  design  &  development  of 
the  Intranet.  IBridge  portal.  Web¬ 
sphere  portal,  and  CMS.  Develop 
portlets  w /  JSP.  Servlets.  JBeans.  & 
XML  using  WebSphere  API.  Devel¬ 
op  and  publish  content  via  CMS 
Develop  VB  apps  for  survey  mgmt 
conn,  to  Lotus  Notes.  Administer 
Intranet  using  Unix/CGI  Script.  An¬ 
alyze  and  document  business  case 
process  impl.  Req:  BS  in  CIS  &  abil. 
to  use  Java.  JSP.  Servlets.  ASP.  VB. 
Access.  CGI/PERL.  XML.  XSL,  R- 
Rose,  UML,  Flash,  and  Host  on 
Demand  Able  to  do  business  ana¬ 
lyst.  system  design.  &  tech,  writing 
documentation.  40hr/wk.  9-6.  Res¬ 
ume  to:  Zeron  Turlington.  Manager 
of  eContent  Services.  The  Home 
Depot.  2455  Paces  Ferry  Rd.  N.W. 
(C-1 7).  Atlanta.  GA,  30339. 


Systems  Advisor.  Define,  plan, 
organize  and  provide  project  lead¬ 
ership  for  the  development  and 
implementation  of  worldwide  regu¬ 
latory  clearance  systems.  Require¬ 
ments:  Bachelor’s  degree*  in  com¬ 
puter  science,  math,  engineering, 
business  or  related  field  plus  7 
years  of  experience  in  defining  sys¬ 
tem  requirements  and/or  project 
leadership  in  the  development  of 
user  systems.  Experience  with  cus¬ 
toms  clearance  systems,  data  ex¬ 
traction  using  SQL.  and  RDBMS 
also  required.  ’Master's  degree  in 
appropriate  field  will  offset  2  years 
of  general  experience.  Submit 
resumes  to  Greg  Dison,  Federal 
Express  Corporation.  3650  Hacks 
Cross  Road.  Memphis.  TN  38125. 
EOE  M/F/D/V. 


Research  Associate  II 

To  assist  principal  investigators  in 
designing  and  implementing  sys 
for  the  acquisition,  storage  and 
retrieval  of  environmental  data, 
developing  software  for  data  pro¬ 
cessing  and  operations  for  the  US 
ARGO  and  Global  Oceanographic 
Observing  Systems.  Req.  B.S.  in 
mathematics,  physics,  computer 
science,  environmental  science  or 
related  field,  fluency  in  client-server 
applications  programming  plus  4 
yrs  exp.  in  commercial  database 
mgt.  systems.  40hrs/wk.  Send 
cover  letter  &  resume  to  Dr.  Joseph 
M  Prospero,  CIMAS,  4600 
Rickenbacker  Cswy.,  Miami.  FL 
33149  Ref  Code  ARGO-II 


COMPUTER  PROFESSIONALS 
Opportunities  for: 

•  WEB  ARCHITECTS/ 
DEVELOPERS 

•  SYSTEMS  ANALYSTS 

•  WEB  GRAPHIC  DESIGNERS 

•  NETWORK  ENGINEERS 

•  PROGRAMMER/ANALYSTS 

•  SOFTWARE  ENGINEERS 

SKILLS: 

•  COLD  FUSION  •  SPECTRA 

•  ORACLE  •  VISUAL  BASIC 

•  VISUAL  C++  •  SIEBEL  •  ASP 

•  COM.  DCOM  •  JSP  •  HTML 

•  JAVA.  JAVA  BEAN  •  EJB  JAVA 
SERVLETS  •  WEBSPHERE 

•  IBM  MQ  SERIES  •  XML, UML 

•  MTS  •  CLARIFY  •  PERL 

•  OBJECTPERL  •  SPYPERL 

•  SMALLTALK  •  PL/SQL 

•  VISUAL  AGE  •  COBOL.  SPL, 
UNIX 

Visit  our  website  @ 
www.cx)mputerhorizons.com 

Attractive  salaries  and  benefits. 
Please  forward  your  resume  to: 
H  R.  Mgr.,  Computer  Horizons 
Corp.,  49  Old  Bloomfield 
Avenue,  Mountain  Lakes,  New 
Jersey  07046-1495.  Call 
973-299-4000.  E-mail:  jobs@ 
computerhorizons.com.  An 
Equal  Opportunity  Employer  M/F. 


Multiple  positions  available  in  a 
software  consulting  develop¬ 
ment  company: 

Computer  Programmers 
Develop  &  write  computer  pro¬ 
grams  in  a  variety  of  program¬ 
ming  languages  including  C, 
C++,  ORACLE,  Java,  Html, 
Java  Script,  Jdeveloper,  EAI, 
eGate,  SeeBeyond  and  web 
methods. 

Consultants  -  Analyze,  develop, 
design,  test  &  support  EAI 
based  applications  using 
Exchange,  Java,  UNIX,  IIS 
servers,  e*Gate,  or  SeeBeyond. 

BS  or  equiv.  in  Comp.  Sci.  or 
any  Engg.,  statistics,  or  related 
fields  plus  relevant  exp.  Send 
resume  to  HR,  SysZen 
Technologies,  Inc.,  646  Highway 
18,  Ste.  218,  East  Brunswick, 
NJ  08816. 


Seeking  qualified  applicants  for  the 
following  positions  in  Orlando.  FL: 
Senior  Business  Application 

Analyst.  Formulate/define  systems' 
scope  and  objectives  based  on 
user/customer  needs  and  a  good 
understanding  of  applicable  busi¬ 
ness  systems  and  industry  require¬ 
ments.  Requirements:  Bachelor's 
degree*  in  computer  science,  busi¬ 
ness.  math,  engineering  or  related 
field  plus  5  years  of  experience  in 
analyzing  business  systems  and 
developing  technical  automated 
solutions.  Experience  with  MS 
Project  and  either  C++,  Java,  JSP 
or  object-oriented  programming 
also  required.  ’Master’s  degree  in 
appropriate  field  will  offset  2  years 
of  general  experience.  Submit 
resumes  to  Sibi  George,  FedEx 
Corporate  Services,  1900  Summit 
Tower  Blvd..  Suite  1400,  Orlando. 
FL  32810.  EOE  M/F/D/V. 


Sr.  Software  Engineer  -  As  a  mem¬ 
ber  of  the  software  development 
team:  Design  &  develop  call  control 
software.  Analyze  software  require¬ 
ments  &  functional  specifications. 
Design,  code  &  test  critical  Call 
Control  functionality:  translations, 
CLASS  5/4  Services,  the  AIN  basic 
Call  Model,  messaging  &  associat¬ 
ed  protocols.  Participate  in  design  & 
code  reviews.  Will  maintain  existing 
software  systems  &  test/integrate 
telecommunications  products  B.S 
in  Comp.  Sci/Eng’g,  Electrical/Elect¬ 
ronics  Eng'g  or  equiv. +3  yrs.  exp.  in 
job  offered  or  software  develop¬ 
ment.  Must  be  proficient  in  C  &  UN¬ 
IX  programming  &  have  an  in-depth 
understanding  of  Data  Switching 
System/s  as  well  as  AIN  Generic 
Requirements  for  Call  Control. 
Must  have  knowledge  of  general 
telecommunication  procedures.  40 
hours/week;  Salary:  $98,400/yr. 
Send  two  copies  of  resume  to:  Case 
#200201689,  Labor  Exchange 
Office,  19  Staniford  St  Is*  FI,  Boston 
MA  02114. 

Sr.  Software  (Test)  Engineer-  As 
member  of  software  testing  team, 
test  &  develop  test  automation  soft¬ 
ware.  Participate  in  design  &  code 
reviews.  Write  test  plans  according 
to  system  requirements.  Maintain 
existing  test  plans  &  automated  test 
scripts.  Test  telecommunications 
products.  Support  potential  cus¬ 
tomers  during  lab  trials.  BS  in 
Comp.  Sci/.  Eng'g,  Electronics/Elec¬ 
trical  Eng'g  or  equiv.  +  must  have  3 
yrs  exp.  in  job  offered  or  w /  software 
testing  for  the  telecommunications 
industry,  including  detailed  knowl¬ 
edge  of  telecommunication  proto¬ 
cols,  general  telecommunications 
procedures  &  TCL  programming.  40 
hours/week;  Salary:  $100,000/yr. 
Send  two  copies  of  resume  to:  Case 
#200201690,  Labor  Exchange 
Office,  19  Staniford  St  1st  FI,  Boston 
MA  02114. 

Sr.  Software  Engineer-  As  member 
of  software  development  team, 
design  &  develop  software  &  sustain 
company’s  cutting-edge  telephony 
devices.  Will  develop  &  enhance 
serviceability  tools  &  participate  in 
design  and  code  reviews.  Will  test  & 
integrate  telecommunications  prod¬ 
ucts  &  provide  critical  bug  fixes  for 
customers.  In  addition,  will  provide 
customer  software  enhancements  & 
use  programming/analytical  skills  in 
order  to  provide  services  for  debug¬ 
ging.  M.S.  Comp.  Eng’g,  Comp.  Sci, 
E.E.  or  equivalent  +  2  yrs  exp.  in  job 
offered  or  software  development. 
Exp.  may  be  gained  prior  to  M.S. 
degree.  In  the  alternative,  employer 
will  accept  candidates  w/B.S.  &  5 
yrs.  of  progressively  responsible 
post-graduate  exp.  Must  have 
knowledge  in  at  least  1  of  the  fol¬ 
lowing  telecom  protocols:  ISDN  or 
SS7  Call  processing,  ATM,  or 
TCP/IP  as  well  as  strong  coding 
skills  in  C.  40  hours/week:  Salary: 
$100,000/yr.  Send  two  copies  of 
resume  to:  Case  #200201645, 
Labor  Exchange  Office,  19  Stani¬ 
ford  St  1st  FI.  Boston  MA  02114. 

Software  Engineer-  Develop,  inte¬ 
grate,  maintain  &  test  complex  com¬ 
munication  protocols  including  but 
not  limited  to:  Sigtran,  SS7/CCS7  & 
ISDN.  Participate  in  design  &  code 
reviews  of  new  software  and  modi¬ 
fications  to  existing  software.  Devel¬ 
op,  maintain  &  test  telecom  applica¬ 
tions  &  system  software  responsible 
for  configuring  &  controlling  the  sys¬ 
tem,  internal  communication  be¬ 
tween  software  entities,  fault  toler¬ 
ant  and  redundant  operation  of  soft¬ 
ware.  Analyze  and  document  com¬ 
puterized  telecommunication  syst¬ 
em  software  requirements,  function¬ 
al  specifications,  architectural  spec¬ 
ifications,  &  design  specifications. 
B.S.  in  Comp.  Eng’g,  Comp.  Sci, 
E.E.,or  equiv.+  2  yrs  exp.  in  job 
offered  or  telecom  software  devel¬ 
opment.  Must  have  proficiency  in  C 
programming  as  well  as  knowledge 
of  telecommunication  protocols.  40 
hours/week;  Salary:  $84,000/yr 
Send  two  copies  of  resume  to:  Case 
#200201686.  Labor  Exchange 
Office,  19  Staniford  St  1st  FI,  Boston 
MA  02114. 


Technical  Support  Specialist. 
8a-5p  40  hrs/wk.  Analyze  pro¬ 
ject.  review,  test  prgm  for  com¬ 
patibility;  troubleshoot  &  provide 
tech'l  support/updates  using 
object  oriented  prgmg,  Java. 
TCP/IP  &  Win  NT;  repair  &  main¬ 
tain  comps.  Educational  req 
Bach  or  equiv  in  Comp 
Sci/Engg,  Info  Technology, 
Electrical,  Electronics  or  related 
Engg.  Resume:  S3  Group,  Inc.. 
7001  Peachtree  Indus.  Blvd,  Ste 
446,  Norcross.  GA  30092. 


IT  SPECIALIST  to  install,  config¬ 
ure.  and  support  network  systems; 
develop,  maintain  and  administer 
automated  computer  systems 
including  PowerFaids.  EDCONN, 
NSLDS,  ELM.  and  mainframe; 
coordinate  the  automation,  updat¬ 
ing,  and  maintenance  of  current 
and  future  technological  process¬ 
es;  responsible  for  the  coordina¬ 
tion  and  production  of  regular 
financial  reports  in  an  accurate  and 
timely  manner.  Require:  Bachelor 
degree  in  Computer  Science/ 
Information  Systems.  Competitive 
salary  and  benefits.  Mail  resume 
to:  Director.  Human  Resources. 
Alabama  A&M  University,  P.0  Box 
305.  Normal.  AL  35762. 


Computer  Product  Manager:  Man¬ 
age,  plan  &  direct  a  group  of  com¬ 
puter  engineers  developing  new 
products.  Also  designing  and  devel¬ 
oping  vIDE  for  a  middleware  prod¬ 
uct,  Virtuositi,  and  online  financial 
analysis  web  application  using  C, 
C/++,  Java,  JSP,  Perl,  SQL,  Oracle, 
XML.  HTML,  ASP.  JBuilder,  VB, 
Rational  Rose,  WinCVS,  ATG’s, 
Dynamo  and  JESS.  Requires: 
Masters  in  Computer  Science  and 
2  years  experience  in  software 
development.  Must  have  knowl¬ 
edge  of  C,  C++,  Java,  JSP.  Perl. 
SQL.  Oracle,  XML.  HTML  and 
Visual  Basic.  40hrs/wk  (8:00  a  m. 
to  5:00  p  m  );  $99.413.00/yr.  Send 
two  resumes/responses  to:  Case 
Number  200201473,  Labor  Ex¬ 
change  Office,  19  Staniford  Street, 
1st  Floor.  Boston,  MA02114. 


Seeking  Associate  Vice  President 

for  MIS  and  Decision  Support 


Florida  Community  College,  one  of  the  nation's  leading  technology 
environments  in  higher  education,  is  seeking  an  Associate  Vice  President 
for  MIS  £t  Decision  Support  to  join  its  innovative  and  highly  successful 
technology  leadership  team.  Reporting  directly  to  the  VP,  Technology  and 
CIO,  the  successful  candidate  will  be  responsible  for  the  college's  Enterprise 
Resource  Planning  (ERP)  System,  Telecommunication  and  Networks  and  its 
highly  advanced  computing  environment. 


Minimum  qualifications 

include  a  Bachelor's  degree 
and  five  years  of  IT 
management  experience. 
Preferred  qualifications 
include  a  Master's  degree  and 
a  demonstrable  record  of 
distinctive  success  in 
managing  IT  in  a  sophisticated 
technical  environment. 
Salary  is  competitive  and 
negotiable  dependent  upon 
qualifications  and  experience. 


how  to  apply:  Interested  candidates  must  submit  a 
Florida  Community  College  at  Jacksonville  application. 

An  Administrative/Faculty/Professional  application  can 
be  downloaded  or  completed  online  from  our  Web  site 
at  www.FCCJ.edu/HumanResources;  obtained  at  the 
Human  Resources  Department  at  501  W.  State  St., 
Jacksonville,  FL  32202;  or  by  calling  (904)  632-3210. 
Florida  Community  College  does  not  discriminate  on  the  basis 
of  race,  color,  national  origin,  sex,  religion,  age  or  disability  in 
employment  or  the  provision  of  services,  is  an  equal 
access/equal  opportunity  college,  and  maintains 
a  smoke-free/drug-free  environment. 

Please  visit  our  Web  site  for  more 
about  this  and  other  positions  at 
www.FCG.edu/HumanResources 


change  lives.  starting  with 


your  own. 


FLORIDA 

COMMUNITY 

COLLEGE 


AT  JACKSONVILLE 


SYSTEMS  ENGINEER 

Will  develop,  create  and  modify 
computer  applications  software  for 
clients  by  analyzing  user  needs  and 
creating,  developing  and  refining 
software  solutions.  Will  design  or 
customize  software  for  client  use 
with  the  aim  of  optimizing  all  affect¬ 
ed  areas  of  operational  efficiency. 
Knowledge  of  HTML,  DHTML. 
Javascript  and  JSP  required.  Pre¬ 
vious  project  management  experi¬ 
ence  and  knowledge  of  the  Stellent 
product  suite  preferred.  Bachelor's 
degree  or  its  equivalent  in  comput¬ 
er  technology  or  related  field  is 
required.  Position  fulltime,  M-F. 
$50, 000/year.  Interested  parties 
may  submit  their  resumes  to 
Transcend  Software,  Inc.,  Attn: 
Susan  Blaskovich,  5440  Corporate 
Park  Drive,  Davenport,  IA  52807. 

PROGRAMMER/ANALYST 

Design  customer  software  applica¬ 
tions  for  clients  by  analyzing  client 
requirements,  designing  functional 
specifications,  developing  and  doc¬ 
umenting  code,  performing  initial 
testing  with  feedback  to  Q.A..  coor¬ 
dinating  implementation  with  client 
and  providing  all  necessary  docu¬ 
mentation  throughout  all  stages  of 
the  project  and  escalated  support 
after  implementation.  Requires 
working  knowledge  of  VisualBasic, 
XML,  Javascript,  PDFLIB,  net, 
ASP,  and  JSP.  Bachelor’s  degree 
or  its  equivalent  in  computer  tech¬ 
nology  or  a  related  field  is  required. 
Position  is  fulltime,  M-F.  $55,000/ 
year.  Interested  parties  may  submit 
resume  to  Transcend  Software, 
Inc.,  Attn:  Susan  Blaskovich,  5440 
Corporate  Park  Drive,  Davenport, 
IA  52807. 


eTransX,  Inc.  provides  cost- 
effective  information  solutions 
for  issues  involving  e-Business 
and  e-Commerce.  We  are  look¬ 
ing  for  the  following  position. 
Software  Engineers:  Design, 
develop,  analyze,  and  recom¬ 
mend  software  requirements  for 
messaging,  system  integration 
and  E-commerce  database 
applications.  Expertise  in  object- 
oriented  programming  using 
Java  and  C++.  Expertise  in 
XML,  RDBMS  Oracle.  MySQL. 
SQL  Server,  DB2,  application 
servers,  wireless  protocols  and 
LDAP  required.  Experience  with 
MS  Active  Directory,  Blackberry 
SDK,  ClearCase  and  current 
Web  Technologies  in  Windows. 
Unix,  and  Linux  environments. 
Need  Master's  degree  in 
Computer  Science  or 
Engineering  and  3  years  of 
experience.  Send  resume  to: 
Human  Resources,  eTransX, 
Inc.,  8323  Southwest  Freeway, 
Ste  590,  Houston,  TX  77074.  E- 
mail:  info@etransx.com 


Database  Administrator.  Manage 
and  maintain  Sybase,  SQL  and 
Informix  databases  and  ensure 
continuity  of  development  activities. 
Install  new  versions,  products  and 
components  to  upgrade  databases. 
Streamline  default  parameters  in 
existing  databases.  Tune  and 
scope  OS  and  database  parameter 
settings;  update  periodically.  Daily 
troubleshooting.  Administer  data¬ 
bases  (create  log-ins  and  security 
measures,  assign  roles  and  privi¬ 
leges).  Monitor  QA  and  develop¬ 
ment  databases.  Establish  back-up 
and  recovery  procedures  Provide 
support  for  synchronizing  schemas 
for  Dynamo  5.0.  Supervise  physical 
design  of  databases.  Database 
development  duties  include  data 
migration,  views,  stored  proce¬ 
dures,  schema  development,  inter¬ 
nationalization.  inter-database  con¬ 
sistency,  configuration,  tuning,  and 
troubleshooting.  Database  systems 
include  Sybase,  MS  SQL,  and 
Informix.  Qualify  with  MS  in  Comp. 
Sci.,  EE  or  related  area  plus  2  yrs 
exp  in  position  w /  database  mainte¬ 
nance  and  development  duties 
(including  data  migration,  views, 
stored  procedures,  schema  devel¬ 
opment,  internationalization,  inter- 
database  consistency,  configura¬ 
tion,  tuning,  and  troubleshooting)  in 
Sybase,  MS  SQL.  and  Informix. 
Must  have  unrestricted  right  to  work 
in  US.  M-F,  8:30am-5:30pm,  40 
hrs/wk.  Salary:  $85.000/yr.  An 
EOE.  Send  2  copies  of  resume  to 
Case  No.  200116428,  Labor 
Exchange  Office,  19  Staniford  St., 
1st  FL,  Boston,  MA 02114. 


OpTech,  Inc.  has  immediate, 
full-time  opportunities  for: 

Systems  Analyst  to  analyze 
user  requirements,  procedures 
and  problems  to  automate  pro¬ 
cessing  or  to  improve  existing 
computer  system/network:  re¬ 
view  computer  system/network 
capabilities;  develop  new  sys¬ 
tem/network  to  improve  produc¬ 
tion;  provide  problem  analysis, 
isolation,  resolution  and  traffic 
management;  use  a  variety  of 
tools  including  Concord/Cisco 
Works.  ATM  Switches  &  Active 
View.  Bachelor's  degree  or  for¬ 
eign  edu.  equiv.  of  same  and  lyr 
exp.  required. 

For  some  positions,  we  also 
accept  the  degree  equivalent  in 
edu  and  exp.  Travel  and/or  relo¬ 
cation  required.  Send  confiden¬ 
tial  resume,  salary  requirements 
to:  OpTech,  Inc.  Attn:  HR  645 
Griswold,  Ste.  2146  Detroit,  Ml 
48226 


IT/Consulting  Company  req.: 
Prog./Analyst  w/Bachelors  Deg. 
&  2  yrs.  exp.  or  its  equivalent. 
Degree  req.  Comp.  Science, 
Science,  Engg,  Math,  MIS. 
Equivalent  can  be  based  on 
Education  and  Exp.  evaluation, 
w/skill  sets  that  include: 

Java,  J2EE,  EJB,  JSP,  Servlets, 
JavaScript,  Java  Beans.  HTML, 
Corba,  Ariba,  TIBCO,  XML, 
ASP,  JFC,  Swing  Controls,  Peril 
CGI,  Web  Logic,  WebSphere, 
Oracle  Apps.  Server,  VC++, 
MFC,  COM/DCOM,  SQL,  VB, 
VBScript,  Microsoft.NET, 
ActiveX,  Powerbuilder,  C,  C++, 
UNIX/LINUX,  HP-UX,  Windows 
2000,  NT,  Sun  Solaris,  AIX, 
DB2,  Oracle,  PL/SQL,  Oracle 
Forms  and  Reports,  Developer 
2000,  Designer  2000, 
SQLServer,  Sybase,  Informix, 
SAP,  PeopleSoft,  JD  Edwards, 
Siebel,  BASIS,  ABAP/4, 
EDI. ALE,  APO,  BW,  SQR,  MVS, 
VAX,  VMS.  JCL,  COBOL,  T- 
SQL,  AS400,  Informatica,  Bus¬ 
iness  Objects,  Microstrategy, 
Crystal  Reports,  SAS,  Rational 
Tools,  Testing,  Win  Runner, 
Load  Runner.  Mercury  Tools, 
Silk,  MS-Office  Suite,  Lotus 
Notes,  CISCO  Routers,  LAN, 
WAN,  DecALPHA,  Docu- 
mentum,  Interwoven. 

Travel  &  Relocation  req.  to 
unanticipated  client  sites 
throughout  the  U.S.  as 
assigned.  Send  resume  to  Attn: 
Recruiter:  Nutech  Systems,  Inc., 
1638  Omara  Lane,  Smyrna,  GA 
30082. 


Development  Manager.  Respon¬ 
sible  for  managing  all  company 
software  development  projects  to 
ensure  that  projects  are  properly 
completed  on  time  and  under  bud¬ 
get.  Supervise  software  develop¬ 
ment  teams  in  the  development  of 
intricate  database  dnven  applica¬ 
tions.  Oversee  and  lead  the  Devel¬ 
opment  Team  staff  Interact  with 
clients  and  supervise  coding  and 
development  functions  Demon¬ 
strated  ability  developing  intricate 
database  driven  applications  using 
tools  such  as  ColdFusion.  HTML. 
Dynamic  HTML.  JavaScript,  Java, 
Java  Server  Pages.  Active  Server 
Pages,  IIS  5,  Windows.  Demon¬ 
strated  ability  developing  applica¬ 
tions  using  tools  such  as  SOL 
Server,  MS  Access,  Oracle.  COM, 
XML,  Flash.  Crystal  Reports, 
Cascading  Style  Sheets,  ActiveX 
Components.  $110,340/yr  40 
hr/wk  9:00a.m.  -  5:00p.m.  Must 
have  Bachelor  of  Science.  Comp 
Sci.,  Eng.  related  field/equiv  and  3 
years  experience  (or  3  years  expe¬ 
rience  in  related  occupation  as 
Consultant/Software  Engineer) 
Send  2  resumes  Case 
#20020051?,  Labor  Exchange 
Office,  19  Staniford  Street.  1st  ft., 
Boston,  MA  02114 
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Computer  Software  Engineer 
needed  for  Jackson, 
Wyoming  corporation  to 
plan,  develop,  test  and  docu¬ 
ment  computer  programs. 
Requires  one  year  of  appli¬ 
cation  and  database  devel¬ 
opment  experience  using 
VBA,  Access  and  Excel  in  a 
Windows  environment.  Send 
resumes  to  Lynda  Yazzolino, 
H  R.  Dir.;  P.O.  Box  1108; 
Jackson,  WY  83001.  Refer  to 
Job  Code:  BDBC. 


NetSoft  has  openings  for 
Programmer/system  analysts. 
Software  engineers  or  other  IT 
professionals  to  design,  devel¬ 
op,  test,  analyze,  code,  imple¬ 
ment  and  maintain  software  and 
computer  system  to  meet 
client's  requirements;  skills  in 
COBOL  II,  CICS,  MVS,  JCL. 
VSAM  &  DB2,  SAP,  HTML, 
Java,  PWB.  IIS,  JDBC,  ASP. 
JavaScript,  XML  and  Oracle  8.0 
are  preferred.  Applicants  must 
have  BS/MS  (or  equivalent,  1-5 
exp.  in  IT).  Some  job  may 
require  traveling  (we  pay 
expense).  Competitive  wage 
with  full  benefits.  Please  apply  at 
Apply  hr@nstc.net  or 
jobs@nstc.net.  No  phone  calls. 
EOE 


Pronto  Networks,  Inc.  is  seeking  a: 
Director/Chief  Architect  - 
Embedded  Systems  to  lead  the 
dev't  of  WLAN  embedded  sys¬ 
tems.  Requires  MS  +  5  yrs  exp  or 
Ph.D  +  2  yrs  exp  in  designing  sys¬ 
tem  architecture,  efficient  algo¬ 
rithms.  and  developing  software 
products  in  networking/telecom. 
Pis  send  resume  to  Pronto 
Networks.  3527  Mt.  Diablo  Blvd, 
#404,  Lafayette,  CA  94549.  No 
phone  calls  pis. 


Prog/Analysts  to  analyze, 
design  business/scientific  appls 
using  SAP  R/3,  ABAP,  VB. 
Oracle,  SQL  Server  on  UNIX/ 
Windows  envir;  develop  tech 
design  documents;  determine 
reqs;  perform  monitoring,  quality 
control;  test/troubleshoot  project 
appl  code  according  to  system 
objectives.  Require:  BS  or  for¬ 
eign  equiv.  in  CS/Sci./  Engg. 
(any  branch)  &  2  yrs  of  exp.  in 
IT.  Travel  involved.  High 
salaries.  Respond  to:  HR, 
Smartsoft  International,  Inc., 
7900  Steubenville  Pike  Suite  21, 
Imperial,  PA  15126 


Software  Engineers  to  lead 
teams  to  analyze,  design,  devel¬ 
op  and  implement  s/w  appls 
using  Oracle  Financials,  MS 
Access,  ERP  Appls.  Dev  2000, 
SQL,  PL/SQL,  XML,  Pro‘C, 
C++,  VB,  ASP.  HTML  etc.  on 
Sun  Solaris,  Windows,  SCO 
UNIX  OS;  interact  with  clients 
for  req.  analysis/feasibility  study, 
evaluate  team,  train  end  users. 
Require:  MS  or  foreign  equiv.  in 
CS/E  ngg/Business  &  3yrs  of  exp 
or  BS  or  foreign  equiv.  in  any  of 
the  above  field  &  5  yrs  of  rele¬ 
vant  prog  exp.  Travel  involved. 
High  Salary  Resumes  to  Fourth 
Technologies,  585  Tollgate  Road 
Su.te  I,  Elgin,  IL  60123. 


IMRA  America  is  looking  for 
Research  Scientist  in  the  field  of 
opto-electronics,  high-power 
laser  &  wave-guide  technology. 
Qualified  candidates  must  have 
Ph  D  with  at  least  one-year 
experience  in  the  optical  area. 
Please  send  resume  to 
employment@imra.com.  EOE. 

K&M  Softech  is  looking  for  pro¬ 
grammer/system  system,  soft¬ 
ware/project  engineers  or  IT 
professionals.  Both  entry  & 
experienced  levels  needed. 
Some  positions  require  travel. 
Skills  in  C/++,  VB,  Oracle,  SAP, 
SQL  are  plus.  Please  send 
resumes  to 

Recruit@kmsoftech.com.  EOE 


Noetix  Corp.  seeks  Comp.  Sys¬ 
tems  Analysts  for  Bellevue  office. 
DESC:  Det.  proj.  specs.;  Anlyze 
user  req’s;  Dir.  the  cust.  &  impl. 
of  Oracle  RDBMS  &  Oracle  fin.  & 
mfg.  modules  &  apps.  thru  the 
util,  of  SQL,  PL/SQL,  &  Des/Dev 
2000  on  UNIX  &  Win  NT  o/s. 
REQS:  BS  in  Bus.,  Bus.  Admin., 
MIS,  Econ.  or  Fin.  +  2  yrs.  exp. 
dsgn.  &  impl.  Oracle  RDBMS  & 
Oracle  fin.  &  mfg.  modules  & 
apps.  util.  SQL,  PL/SQL  &  Des/ 
Dev  2000  on  UNIX  &  Win  NT  o/s. 
Prem.  sal.  +  bns  &  benes.  Pis. 
reply  to  J.  Hubbs,  Job  #TP-102, 
2229  112th  Ave.  NE,  #200, 
Bellevue,  WA  98004. 


Software  Solutions  Group,  Inc. 
A  global  provider  of  IT  &  profl 
business  svcs.  We  are  hiring  for 
the  following:  Business  Int¬ 
elligence  Integration  Analysts 
Analyze  client  sys,  assess 
requirements,  design,  develop  & 
implement  business  intelligence 
applications  in  the  areas  of 
Inventory/Material  mgmt,  finan 
acctng.  &  data  repositories. 
Create  client/server  &  Web/ 
intranet  application  for  extrac¬ 
tion,  transformation  &  loading 
tools  for  daily  manipulation  & 
monitoring  of  data.  Utilize  tools 
such  as  C++,  C#,  ASP.NET, 
SeeBeyond,  MS  SQL  Server 
2000  &  Oracle  91 .  Min  3  yrs  exp. 
In  related  occupation.  Fax  res: 
(310)  337-0786  WEB  LA514044 


Programmers,  Jr.  Programmers, 
Software  Engineers:  Analyze, 
design  and  develop  apps.  in  (a) 
MQ  Series,  Shell  Scripts,  Java 
and  related  tech.,  Oracle  &  relat¬ 
ed  tools,  SQL  Loader,  CGI/Peri, 
Visual  Basic,  AppWorx  and 
related  technologies;  (b)  C/C++, 
Cobol,  PB,  Sybase,  Java, 
Oracle,  SQL  Server,  XML,  Unix, 
MQ  Series,  Weblogic  and  relat¬ 
ed  technologies.  US  Workers 
only.  Consulting  positions  requir¬ 
ing  travel.  Prevailing  wage/ben¬ 
efits.  Send  resume  to  HR, 
Datum  America  Ltd.,  850  Boyce 
Rd.,  Suite  7,  Bridgeville,  PA 
15017.  EOE. 


PROGRAMMER/AN 
ALYST  wanted  by 
software  developer  in 
Houston,  TX.  Must 
have  degree  &  exp. 
Respond  by  resume 
only  to:  Mr.  H.  Morris, 
V/K  -  #10,  Solid 
Software  Solutions, 
LLC,  3300  S. 
Gessner,  Ste.  201, 
Houston,  TX  77063. 
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Mark  Gibbs 


Technology  solutions  and  problems 


“'This  disc  will  self-destruct  in  48 
hours'That  is  the  warning  The  Walt 
Disney  Co.,  will  issue  this  August  when 
it  begins  to  ‘rent’ DVDs  that  after  two 
days  become  unplayable  and  do  not 
have  to  be  returned.” 

—  Reuters,  May  16,  7:34  p.m.  EST 


First,  there  was  King  Canute  attempting  to  turn 
back  the  tide  of  the  sea.  Now  there’s  the  Walt  Disney 
Co.  trying  to  turn  back  the  tide  of  piracy  with  what 
has  to  be  one  of  the  dumbest  ideas  in  the  history  of 
the  increasingly  desperate  attempts  by  media  com¬ 
panies  to  protect  their  intellectual  property 
It  will  work  when  as  soon  as  the  protective  wrapper 
on  one  of  these  “special”  Disney  DVDs  is  stripped  off, 
a  reaction  between  the  air  and  a  chemical  in  the 
disk  will  cause  the  DVD  to  begin  to  turn  black,  ren¬ 
dering  it  . unreadable  by  the  DVD  laser  in  two  days. 

The  reason  this  is  dumb  is  that  until  the  disk  be¬ 
comes  unreadable,  it  can  still  be  copied  on  any 
computer  with  a  DVD  reader,  which  means  that  pro¬ 
viding  you  can  copy  the  disk  within  48  hours  there’s 
nothing  to  stop  you  from  copying. 

On  top  of  that,  there  will  now  be  millions  of  “dead” 
DVDs  creating  yet  another  giant  pile  of  non-biode- 
gradable  trash.  As  Homer  Simpson  would  say“Doh!” 
Want  more  craziness?  How  about  Defense  Adv¬ 


anced  Research  Projects  Agency  (DARPA)  renaming 
its  proposed  antiterrorist  data-mining  boondoggle 
from  the  Total  Information  Awareness  (T1A)  program 
to  the  Terrorist  Information  Awareness  program. 

1  wrote  about  TIA  some  weeks  ago,  but  in  case  you 
missed  my  rant  the  program  in  question  proposes  to 
broaden  government  surveillance  activities  to  in¬ 
clude  passport  applications,  visas,  work  permits,  dri¬ 
ver’s  licenses,  car  rentals  and  airline  ticket  purchases, 
as  well  as  integrating  data  such  as  financial,  educa¬ 
tional  and  medical  records. 

Apparently  DARPA  thinks  that  changing  “Total”  to 
“Terrorist”  will  give  the  whole  misguided  idea  greater 
credibility  —  perhaps  working  on  the  idea  that  it 
will  be  politically  harder  to  challenge  something 
ostensibly  focused  on  the  goal  of  defeating  terrorists. 

According  to  the  Associated  Press,  in  a  report  to 
Congress  DARPA  explained  the  old  name  “created  in 
some  minds  the  impression  that  TIA  was  a  system  to 
be  used  for  developing  dossiers  on  U.S.citizens.That 
is  not  [the  Department  of  Defense’s]  intent.”  DARPA 
went  on  to  say  that  the  goal  was  “to  protect  U.S.  citi¬ 
zens  by  detecting  and  defeating  foreign  terrorist 
threats  before  an  attack”  and  the  new  name  was  cho¬ 
sen  “to  make  this  objective  absolutely  clear.”  A  case,  1 
would  suggest,  of  putting  lipstick  on  the  pig. 

Perhaps  one  of  the  best-articulated  critiques  of  the 
practicality  of  the  TIA  program  was  by  the  editors  of 


Scientific  American  in  the  magazine’s  March  editorial 
entitled  Total  Information  Overload.” 

The  magazine’s  editors  have  noted  a  major  flaw  in 
the  whole  TIA  concept:  The  system  will  generate 
countless  false  positives  (saying  people  are  suspi¬ 
cious  when  they  aren’t)  as  well  as  false  negatives 
(missing  the  bad  guys). 

Also, see  the  thoughtful  analysis  by  Ben  Brunk  on 
the  numbers  involved  on  Declan  McCullagh’s  Fbli- 
tech  Web  site  (www.politechbot.com/pD4234.html). 

So  this  is  a  dumb  idea  on  par  for  sheer  silliness 
with  Disney  and  its  self-destructing  DVDs. 

What  is  obvious  is  that  both  groups  feel  compelled 
to  do  something,  indeed,  do  anything  so  they  can 
claim  to  be  taking  action  to  solve  the  perceived 
problem. This  is  despite  the  fact  that  those  actions 
will  be  expensive,  have  consequences  that  will  be 
serious  and  ultimately  be  futile. 

Once  again  we  have  the  spectacle  of  people  with 
too  much  power  and  influence  thinking  that  tech¬ 
nology  can  dig  them  out  of  a  situation  they  don’t 
want  to  be  in.They  fail  to  recognize  that  technology 
is  over-rated  as  a  solution  and  under-rated  as  a  prob¬ 
lem.  If  you  know  any  of  these  people  remind  them 
that  Thalidomide,  DDT  and  nuclear  power  all 
seemed  like  good  ideas,  too. 

Solutions  of  any  kind  to  backspin@gibbs.com. 
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News,  insights,  opinions  and  oddities 


By  Paul  McNamara 

Snooping  by  any  other  name . . . 

One  of  the  IT  guys  here  takes  great 
pleasure  in  taunting  me  with  what  we 
both  know  is  his  unchecked  ability  to  monitor  my  Web  surfing  habits. 

He  doesn’t  actually  spy  on  me,  or  at  least  that’s  my  understanding.  It's  just  josh¬ 
ing.  And  because  there’s  a  high  level  of  trust  at  this  company,  the  joshing  is  all  in 
good  fun. 

But  there’s  nothing  funny  about  the  Pentagon's  Total  Information  Awareness 
data-mining  program,  in  large  part  because  I  don’t  trust  most  politicians  and 
bureaucrats  any  further  than  I  can  throw  Defense  Secretary  Donald  Rumsfeld. 
(Applying  a  coat  of  whitewash  by  changing  the  program's  name  toTerrorism 
Information  Awareness,  as  was  done  last  week,  insults  everyone's  intelligence 
and  doesn't  make  Rumsfeld  any  easier  to  toss.) 

The  broad  strokes  of  this  issue  are  not  controversial:  No  one  wants  to  see  an¬ 
other  major  terrorist  attack  happen  on  U.S.  soil.  And  no  one  wants  to  sacrifice  all 
of  our  civil  liberties  to  minimize  that  prospect  through  whatever  technological 
means  our  tax  dollars  can  buy. Therefore,  as  with  so  many  complex  matters,  this 
one  is  a  balancing  act. 

The  trouble  is  that  we've  lost  our  balance. 

At  the  same  time  lawmakers  are  complicating  your  professional  lives  by  man¬ 
dating  ever- stricter  controls  over  the  way  companies  handle  private  information 
—  HIPAA,  Gramm-Leach-Bliley,  Sarbanes-Oxley  —  that  same  government  is 
granting  itself  ever-wider  latitude  to  pry  into  the  personal  lives  of  Americans. 

Of  course,  swapping  privacy  for  ‘‘homeland  security”  is  nothing  to  worry  about 
is  long  as  we're  confident  that  the  men  and  women  entrusted  with  these  new 
powers  and  technologies  will  apply  them  rarely,  infallibly  and  only  against  actual 
would-be  terrorists.  We're  worry-free,  too,  as  long  as  the  individuals  employing 
t  r>  extraordinary  surveillance  and  data-mining  techniques  are  held  strictly 


accountable  by  outside  authorities  —  meaning  Congress  and  the  press,  primarily 
—  who  genuinely  appreciate  the  need  to  put  privacy  protection  ahead  of  protect¬ 
ing  bureaucratic  backsides. 

Oh,  and  risks  all  might  make  perfect  sense  if  you  presume  that  the  rewards  — 
significantly  enhanced  security  —  can  be  derived  in  the  bargain. 

And  what  are  the  odds  on  all  of  those  stars  aligning? 

Positively  terrific  —  a  slam-dunk  —  we  were  assured  last  week  by  officials 
from  the  Bush  administration  and  the  Defense  Advanced  Research  Projects 
Agency  (DARPA),  which  overseesTotal  Information  Awareness.  We’re  all  equally 
concerned  about  protecting  civil  liberties,  these  folks  told  Congress,  so  don’t  be 
listening  to  the  nervous  Nellies. 

The  Nellies  were  unimpressed,  to  say  the  least. 

"You  won't  find  terrorists  buying  C4  explosives  with  a  MasterCard,"  a  computer 
scientist  told  The  New  York  Times  by  way  of  expressing  his  skepticism  that 
data-mining  offers  any  significant  payoff  in  terms  of  added  security. 

As  for  potential  abuses,  if  you  want  a  shining  example  of  how  easily  "homeland 
security"  can  be  perverted  by  politicians  and  law  enforcement,  look  no  further 
than  the  recent  dust-up  in  Texas  between  Republican  lawmakers  and  a  band  of 
Democrats  who  fled  the  state  rather  than  allow  a  redistricting  power  grab.  No 
Democrats  meant  no  quorum,  which  meant  no  power  grab.  Incensed  Republicans 
responded  by  not  only  marshaling  local  law  enforcement  —  legal,  if  somewhat 
extreme  —  but  also  by  calling  on  a  federal  “homeland  security”  agency  designed 
to  track  terrorists  for  help  in  finding  a  lawmaker's  ostensibly  "missing"  airplane. 

Do  you  believe  for  one  minute  that  theTexas  protectors  of  civil  liberties  who 
thought  that  was  a  good  idea  would  hesitate  to  use  something  likeTotal  Infor¬ 
mation  Awareness  to  singe  the  backside  of  a  real  or  imagined  political  foe? 

There’s  a  better  chance  they'd  give  up  their  firearms  than  resist  that  temptation. 

Unlike  those  Democratic  lawmakers,  the  columnist  cannot  escape.  You  can  find 
him  at  buzz@nww.com. 
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